From owner-doc-jp@jp.freebsd.org  Tue Nov  7 09:48:19 2000
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id JAA62468;
	Tue, 7 Nov 2000 09:48:19 +0900 (JST)
	(envelope-from owner-doc-jp@jp.FreeBSD.org)
Received: from eos.ocn.ne.jp (eos.ocn.ne.jp [210.190.142.171])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id JAA62463
	for <doc-jp@jp.freebsd.org>; Tue, 7 Nov 2000 09:48:18 +0900 (JST)
	(envelope-from hrs@eos.ocn.ne.jp)
Received: from mail.hrslab.yi.org (p0189-ip01funabasi.chiba.ocn.ne.jp [211.123.225.189])
	by eos.ocn.ne.jp (8.9.1a/OCN/) with ESMTP id JAA11671
	for <doc-jp@jp.freebsd.org>; Tue, 7 Nov 2000 09:48:15 +0900 (JST)
Message-Id: <200011070048.JAA11671@eos.ocn.ne.jp>
Received: from localhost (alph.hrslab.yi.org [192.168.0.10])
	by mail.hrslab.yi.org (8.9.3/3.7W/DomainMaster) with ESMTP id JAA12570
	for <doc-jp@jp.freebsd.org>; Tue, 7 Nov 2000 09:43:48 +0900 (JST)
	(envelope-from hrs@eos.ocn.ne.jp)
To: doc-jp@jp.freebsd.org
In-Reply-To: <20001106195827.5C6BA37B4CF@hub.freebsd.org>
References: <20001106195827.5C6BA37B4CF@hub.freebsd.org>
X-Mailer: Mew version 1.94.1 on Emacs 19.34 / Mule 2.3 (SUETSUMUHANA)
Mime-Version: 1.0
Content-Type: Multipart/Mixed;
 boundary="--Next_Part(Tue_Nov__7_09:43:23_2000_809)--"
Content-Transfer-Encoding: 7bit
Date: Tue, 07 Nov 2000 09:43:47 +0900
From: Hiroki Sato <hrs@eos.ocn.ne.jp>
X-Dispatcher: imput version 20000228(IM140)
Lines: 364
Reply-To: doc-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+000315
X-Sequence: doc-jp 7812
Subject: [doc-jp 7812] Re: FreeBSD Security Advisory: FreeBSD-SA-00:61.tcpdump [REISSUED]
Errors-To: owner-doc-jp@jp.freebsd.org
Sender: owner-doc-jp@jp.freebsd.org
X-Originator: hrs@eos.ocn.ne.jp

----Next_Part(Tue_Nov__7_09:43:23_2000_809)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit

$B:4F#!wEl5~M}2JBg3X$G$9!#(B

 00:61,62 $B$N2~D{HG!#$[$H$s$IJQ99$O$"$j$^$;$s$N$G(B
 $B$^$H$a$F$D$1$F$*$-$^$9!#(B

--
| $B:4F#(B $B9-@8!wEl5~M}2JBg3X(B <hrs@eos.ocn.ne.jp>
|
| sato@sekine00.ee.noda.sut.ac.jp (UNIV)
| hrs@FreeBSD.org (FreeBSD Project)

----Next_Part(Tue_Nov__7_09:43:23_2000_809)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Disposition: attachment; filename="00:61"
Content-Transfer-Encoding: 7bit

 $B$3$N%a!<%k$O(B, announce-jp $B$KN.$l$?(B

  Subject: ANNOUNCE: FreeBSD Security Advisory: FreeBSD-SA-00:61.tcpdump [REISSUED]
  From: FreeBSD Security Advisories <security-advisories@freebsd.org>
  Date: Mon,  6 Nov 2000 11:58:27 -0800 (PST)
  Message-Id: <20001106195827.5C6BA37B4CF@hub.freebsd.org>
  X-Sequence: announce-jp ***

 $B$rF|K\8lLu$7$?$b$N$G$9(B. 

 $B$3$N4+9p$NCf$G>R2p$5$l$F$$$k(B WWW $B%5%$%H(B http://www.FreeBSD.org/ $B$*$h$S(B
 FTP $B%5%$%H(B ftp://ftp.FreeBSD.org/ $B$K$O(B, $BF|K\$N%_%i!<%5%$%H$,B8:_$7$^$9(B.
 $B%_%i!<%5%$%H$rMxMQ$9$k$K$O(B,
 http://www.FreeBSD.org/ $B$r(B http://www.jp.FreeBSD.org/www.freebsd.org/ $B$K(B,
 ftp://ftp.FreeBSD.org/ $B$r(B ftp://ftp.jp.FreeBSD.org/ $B$K(B,
 $B$=$l$>$lCV$-49$($F$/$@$5$$(B.

 $B%M%C%H%o!<%/$N:.;($r4KOB$9$k$?$a(B, $B$^$:$O%_%i!<%5%$%H$NMxMQ$r(B
 $B9MN8$9$k$h$&$*4j$$$7$^$9(B.  $B%_%i!<%5%$%H$K4X$9$k>\:Y$O(B

  http://www.FreeBSD.org/handbook/mirror.html ($B1QJ8(B)
  http://www.FreeBSD.org/ja/handbook/mirror.html ($BF|K\8lLu(B)

 $B$K(B, $B$^$?(B, $B2a5n$NF|K\8lHG%;%-%e%j%F%#4+9p$O(B

  http://www.FreeBSD.org/ja/security/

 $B$K$^$H$a$i$l$F$$$^$9(B.

 $B86J8$O(B PGP $B=pL>$5$l$F$$$^$9$,(B, $B$3$NF|K\8lLu$O(B PGP $B=pL>$5$l$F$$$^$;$s(B. 
 $B%Q%C%AEy$NFbMF$,2~cb$5$l$F$$$J$$$3$H$r3NG'$9$k$?$a$K(B PGP $B$N%A%'%C%/$r(B
 $B9T$J$&$K$O(B, $B86J8$r;2>H$7$F$/$@$5$$(B. 

 $BF|K\8lLu$O(B FreeBSD $BF|K\8l%I%-%e%a%s%F!<%7%g%s%W%m%8%'%/%H(B (doc-jp) $B$,;29M$N(B
 $B$?$a$KDs6!$9$k$b$N$G(B, doc-jp $B$O(B $B$=$NFbMF$K$D$$$F$$$+$J$kJ]>Z$b$$$?$7$^$;$s(B.
 $BF|K\8lLu$K$D$$$F$N$*Ld$$9g$o$;$O(B doc-jp@jp.FreeBSD.org $B$^$G$*4j$$$7$^$9(B.

--($B$3$3$+$i(B)

=============================================================================
FreeBSD-SA-00:61                                           Security Advisory
                                                                FreeBSD, Inc.

$B%H%T%C%/(B:	tcpdump contains remote vulnerabilities [REISSUED]

$BJ,N`(B:		core
$B%b%8%e!<%k(B:	tcpdump
$B9pCNF|(B:		2000-10-31
$B2~D{F|(B:         2000-11-06
$B%/%l%8%C%H(B:	$BFbIt%;%-%e%j%F%#4F::Cf$KH/8+(B
$B1F6AHO0O(B:	FreeBSD 4.2 $B$h$jA0$N$9$Y$F$N(B FreeBSD 3.x, 4.x $B%j%j!<%9(B
                $B=$@5F|0JA0$N(B FreeBSD 3.5.1-STABLE $B$*$h$S(B 4.1.1-STABLE
$B=$@5F|(B:		2000-10-04 (FreeBSD 4.1.1-STABLE)
		2000-10-05 (FreeBSD 3.5.1-STABLE)
$B%Y%s%@$NBP1~(B:	$B=$@5%Q%C%A$,8x3+:Q$_(B
FreeBSD $B$K8GM-$+(B:	NO

0.   $B2~D{MzNr(B - Revision History

v1.0  2000-10-31  $B=iHG8x3+(B
v1.1  2000-11-06  $B=$@5%Q%C%A$ND{@5(B


I.   $BGX7J(B - Background

tcpdump $B$O%M%C%H%o!<%/$N2TF/>uBV$r%b%K%?%j%s%0$9$k%D!<%k$G$9(B.

II.  $BLdBj$N>\:Y(B - Problem Description

$BFbIt%;%-%e%j%F%#4F::$N:](B, FreeBSD $B$K4^$^$l$k(B tcpdump $B$NCf$K(B
$B%P%C%U%!%*!<%P%U%m!<$N4m81@-$r;}$D%P%C%U%!$,H/8+$5$l$^$7$?(B.
$B$=$N$&$A$N$$$/$D$+$O(B, $B%j%b!<%H$N967b<T$,%m!<%+%k$N(B tcpdump $B%W%m%;%9$r(B
$B%/%i%C%7%e$5$;$k$N$KMxMQ2DG=$J$b$N$G$9(B.  $B$^$?(B, FreeBSD 4.0-RELEASE,
4.1-RELEASE $B$*$h$S(B 4.1.1-RELEASE $B$K4^$^$l$F$$$k?7$7$$%P!<%8%g%s$N(B
tcpdump (tcpdump 3.5) $B$K$O(B, AFS ACL $B%Q%1%C%H$N%G%3!<%IItJ,$K(B
$B%j%b!<%H$N967b<T$,%m!<%+%k%7%9%F%`$GG$0U$N%3!<%I$r<B9T(B (tcpdump $B$O(B
root $B8"8B$rMW5a$9$k$?$a(B, $BDL>o$O(B root $B8"8B$G(B) $B$G$-$k$h$&$J(B,
$B$h$j?<9o$J<eE@$,B8:_$7$^$9(B.

$B0l$DL\$NLdBjE@$O(B, tcpdump $B$r;H$C$F?/F~8!CN%7%9%F%`(B (intrusion detection
system) $B$r9=C[$7$F$$$k>l9g$KLdBj$H$J$j$^$9(B.  $B$?$H$($P(B
$B%M%C%H%o!<%/$N2x$7$$5sF0$r%b%K%?%j%s%0$7$F$$$k>l9g(B, $B967b<T$,2TF/Cf$N(B
tcpdump $B%W%m%;%9$r%/%i%C%7%e$5$;$k$H(B, $B$=$N8e$N%M%C%H%o!<%/>uBV$,(B
$B4Q;!$G$-$J$/$J$C$F$7$^$$$^$9(B.

FreeBSD 3.5.1-RELEASE, 4.0-RELEASE, 4.1-RELEASE $B$*$h$S(B 4.1.1-RELEASE $B$r4^$`(B,
$B=$@5F|0JA0$N$9$Y$F$N(B FreeBSD $B%j%j!<%9$K$O!V%j%b!<%H$+$i$N%/%i%C%7%e967b!W$K(B
$BBP$9$k<eE@$,(B, FreeBSD 4.0-RELEASE, 4.1-RELEASE $B$*$h$S(B 4.1.1-RELEASE $B$K$O(B
$B$5$i$K!V%j%b!<%H$+$iG$0U$N%3!<%I$,<B9T$G$-$k!W<eE@$,B8:_$7$^$9(B.
$BLdBjE@$ON>J}$H$b(B, 4.2-RELEASE $B$N%j%j!<%9A0$N(B 4.1.1-STABLE $B$G=$@5$5$l$F$$$^$9(B.

III. $B1F6AHO0O(B - Impact

$B%j%b!<%H%f!<%6$,%m!<%+%k$N(B tcpdump $B%W%m%;%9$r%/%i%C%7%e$5$;$k$3$H$,$G$-$^$9(B.
$B$^$?(B, ($B=$@5F|0JA0$N(B FreeBSD 4.0-RELEASE, 4.1-RELEASE, 4.1.1-RELEASE $B$*$h$S(B
4.1.1-STABLE $B$G$O(B) $B%j%b!<%H%f!<%6$,(B tcpdump $B$r<B9T$7$F$$$k%f!<%6(B ($BDL>o$O(B
root) $B$N8"8B$GG$0U$N%3!<%I$r<B9T$G$-$k2DG=@-$,$"$j$^$9(B.

IV.  $B2sHrJ}K!(B - Workaround

$B<eE@$r;}$C$?%P!<%8%g%s$N(B tcpdump $B$r(B, $B?.Mj$G$-$J$$Aw?.85$+$i$N(B
$B%Q%1%C%H$,4^$^$l$k2DG=@-$N$"$k%M%C%H%o!<%/4D6-$G;HMQ$7$J$$$G$/$@$5$$(B.

V.   $B2r7h:v(B - Solution

$B<!$N$$$:$l$+$K=>$C$F$/$@$5$$(B.

1) $B<eE@$r;}$C$?(B FreeBSD $B%7%9%F%`$r(B, $B=$@5F|0J9_$N(B
   4.1.1-STABLE $B$b$7$/$O(B 3.5.1-STABLE $B$K%"%C%W%0%l!<%I$7$^$9(B.

2a) $B=$@5F|0JA0$N(B FreeBSD 3.x $B%7%9%F%`$N>l9g(B

$B=$@5%Q%C%A$H(B PGP $B=pL>$r0J2<$N>l=j$+$i%@%&%s%m!<%I$7(B,
PGP $B%f!<%F%#%j%F%#$r;H$C$F=pL>$r3NG'$7$F$/$@$5$$(B.

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:61/tcpdump-3.x.patch
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:61/tcpdump-3.x.patch.asc

# cd /usr/src/contrib/tcpdump
# patch -p < /path/to/patch
# cd /usr/src/usr.sbin/tcpdump
# make depend && make all install

2b) $B=$@5F|0JA0$N(B FreeBSD 4.x $B%7%9%F%`$N>l9g(B

NOTE: The patch distributed with the original version of this advisory
was incomplete and did not include all of the security fixes made to
the tcpdump utility. In particular, it did not address the remote code
execution vulnerability.

$BCm0U(B: $B=iHG$N4+9p$GG[I[$5$l$?=$@5%Q%C%A$OIT40A4$G(B, tcpdump $B$KBP$9$k(B
      $B$9$Y$F$N%;%-%e%j%F%#>e$N=$@5$r4^$s$@$b$N$G$O$"$j$^$;$s$G$7$?(B.
      $BFC$K(B, $B%j%b!<%H$+$i%3!<%I$,<B9T$G$-$k<eE@$KBP$7$F$O$^$C$?$/(B
      $B8z2L$,$"$j$^$;$s(B.

$B=$@5%Q%C%A$H(B PGP $B=pL>$r0J2<$N>l=j$+$i%@%&%s%m!<%I$7(B,
PGP $B%f!<%F%#%j%F%#$r;H$C$F=pL>$r3NG'$7$F$/$@$5$$(B.

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:61/tcpdump-4.x.patch.v1.1
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:61/tcpdump-4.x.patch.v1.1.asc

# cd /usr/src/contrib/tcpdump
# patch -p < /path/to/patch
# cd /usr/src/usr.sbin/tcpdump
# make depend && make all install

$hrs: FreeBSD-SA/00:61,v 1.4 2000/11/07 00:43:14 hrs Exp $

----Next_Part(Tue_Nov__7_09:43:23_2000_809)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Disposition: attachment; filename="00:62"
Content-Transfer-Encoding: 7bit

 $B$3$N%a!<%k$O(B, announce-jp $B$KN.$l$?(B

  Subject: FreeBSD Security Advisory: FreeBSD-SA-00:62.top [REISSUED]
  From: FreeBSD Security Advisories <security-advisories@freebsd.org>
  Date: Mon,  6 Nov 2000 12:01:10 -0800 (PST)
  Message-Id: <20001106200110.03CE337B4CF@hub.freebsd.org>
  X-Sequence: announce-jp ***

 $B$rF|K\8lLu$7$?$b$N$G$9(B. 

 $B$3$N4+9p$NCf$G>R2p$5$l$F$$$k(B WWW $B%5%$%H(B http://www.FreeBSD.org/ $B$*$h$S(B
 FTP $B%5%$%H(B ftp://ftp.FreeBSD.org/ $B$K$O(B, $BF|K\$N%_%i!<%5%$%H$,B8:_$7$^$9(B.
 $B%_%i!<%5%$%H$rMxMQ$9$k$K$O(B,
 http://www.FreeBSD.org/ $B$r(B http://www.jp.FreeBSD.org/www.freebsd.org/ $B$K(B,
 ftp://ftp.FreeBSD.org/ $B$r(B ftp://ftp.jp.FreeBSD.org/ $B$K(B,
 $B$=$l$>$lCV$-49$($F$/$@$5$$(B.

 $B%M%C%H%o!<%/$N:.;($r4KOB$9$k$?$a(B, $B$^$:$O%_%i!<%5%$%H$NMxMQ$r(B
 $B9MN8$9$k$h$&$*4j$$$7$^$9(B.  $B%_%i!<%5%$%H$K4X$9$k>\:Y$O(B

  http://www.FreeBSD.org/handbook/mirror.html ($B1QJ8(B)
  http://www.FreeBSD.org/ja/handbook/mirror.html ($BF|K\8lLu(B)

 $B$K(B, $B$^$?(B, $B2a5n$NF|K\8lHG%;%-%e%j%F%#4+9p$O(B

  http://www.FreeBSD.org/ja/security/

 $B$K$^$H$a$i$l$F$$$^$9(B.

 $B86J8$O(B PGP $B=pL>$5$l$F$$$^$9$,(B, $B$3$NF|K\8lLu$O(B PGP $B=pL>$5$l$F$$$^$;$s(B. 
 $B%Q%C%AEy$NFbMF$,2~cb$5$l$F$$$J$$$3$H$r3NG'$9$k$?$a$K(B PGP $B$N%A%'%C%/$r(B
 $B9T$J$&$K$O(B, $B86J8$r;2>H$7$F$/$@$5$$(B. 

 $BF|K\8lLu$O(B FreeBSD $BF|K\8l%I%-%e%a%s%F!<%7%g%s%W%m%8%'%/%H(B (doc-jp) $B$,;29M$N(B
 $B$?$a$KDs6!$9$k$b$N$G(B, doc-jp $B$O(B $B$=$NFbMF$K$D$$$F$$$+$J$kJ]>Z$b$$$?$7$^$;$s(B.
 $BF|K\8lLu$K$D$$$F$N$*Ld$$9g$o$;$O(B doc-jp@jp.FreeBSD.org $B$^$G$*4j$$$7$^$9(B.

--($B$3$3$+$i(B)
=============================================================================
FreeBSD-SA-00:62                                           Security Advisory
                                                                FreeBSD, Inc.

$B%H%T%C%/(B:	top allows reading of kernel memory [REISSUED]

$BJ,N`(B:		core
$B%b%8%e!<%k(B:	top
$B9pCNF|(B:		2000-11-01
$B2~D{F|(B:		2000-11-06
$B%/%l%8%C%H(B:	vort@wiretapped.net $B$,(B OpenBSD $B$GH/8+(B
$B1F6AHO0O(B:	FreeBSD 3.x ($B$9$Y$F$N%j%j!<%9(B),
                FreeBSD 4.x (4.2 $B$h$jA0$N$9$Y$F$N%j%j!<%9(B),
                $B=$@5F|0JA0$N(B FreeBSD 3.5.1-STABLE $B$*$h$S(B 4.1.1-STABLE
$B=$@5F|(B:		2000-11-04 (FreeBSD 4.1.1-STABLE)
                2000-11-05 (FreeBSD 3.5.1-STABLE)
FreeBSD $B$K8GM-$+(B:	NO

0.   $B2~D{MzNr(B - Revision History

v1.0  2000-11-01  $B=iHG8x3+(B
v1.1  2000-11-06  $B99?7$7$?=$@5%Q%C%A$r8x3+(B


I.   $BGX7J(B - Background

top $B$O(B CPU $B$d%a%b%j$N;HMQ>u67$H$$$C$?!"8=:_$N%7%9%F%`%j%=!<%9$NE}7W>pJs$r(B
$BI=<($9$k%f!<%F%#%j%F%#$G$9(B.  top $B$OFbIt$GJ]<i$5$l$F$$$k$b$N$G$O$J$/(B,
$B30It$+$i4sB#$5$l(B, FreeBSD $B$KI8=`$GAH$_9~$^$l$F$$$k%=%U%H%&%'%"$G$9(B.

II.  $BLdBj$N>\:Y(B - Problem Description

top(1) $B$K$O(B, $B9b$$8"8B$r;}$?$J$$%m!<%+%k%f!<%6$,(B top $B%W%m%;%9$r(B
$BMxMQ$7$FG$0U$N%3!<%I$r<B9T$G$-$k$h$&$J(B, $B!V=q<0;XDjJ8;zNs$K5/0x$9$k(B
$B%;%-%e%j%F%#>e$N<eE@!W$,H/8+$5$l$F$$$^$9(B.  top $B%f!<%F%#%j%F%#$O(B
$B%+!<%M%k%a%b%j$rFI$_=P$9$3$H$,2DG=(B ($B$?$@$7=q$-9~$_$OIT2D(B) $B$J9b$$8"8B$r(B
$B;}$D(B, kmem $B%0%k!<%W$N8"8B$G<B9T$5$l$^$9(B.  $B%+!<%M%k%a%b%j$rFI$`$3$H$N(B
$B$G$-$k%W%m%;%9$O(B, $B$?$H$($P%M%C%H%o!<%/%H%i%U%#%C%/(B, $B%G%#%9%/%P%C%U%!(B,
$BC<Kv$NI=<(>uBV$H$$$C$?%"%/%;%9$K9b$$8"8B$rI,MW$H$9$k%G!<%?$r(B
$B%b%K%?%j%s%0$9$k$3$H$,$G$-$k$?$a(B, $B%m!<%+%k%7%9%F%`(B, $B$"$k$$$OB>$N(B
$B%7%9%F%`$K$*$$$F(B, $B$=$N>pJs$,(B root $B8"8B$r4^$`(B, $B$5$i$K9b$$8"8B$r(B
$BF@$k$?$a$KMxMQ$5$l$k4m81@-$,$"$j$^$9(B.

FreeBSD 4.0, 4.1, 4.1.1 $B$*$h$S(B 3.5.1 $B$r4^$`(B, $B=$@5F|0JA0$N$9$Y$F$N(B
FreeBSD $B%j%j!<%9$,$3$NLdBj$N1F6A$r<u$1$^$9(B.
$BLdBjE@$N=$@5$O(B FreeBSD 4.2-RELEASE $B$N8x3+A0$N(B 4.1.1-STABLE $B%V%i%s%A$G(B
$B9T$J$o$l$^$7$?(B.


III. $B1F6AHO0O(B - Impact

$B%m!<%+%k%f!<%6$O%+!<%M%k%a%b%j$+$i(B, $B%"%/%;%9$K9b$$8"8B$rI,MW$H$9$k%G!<%?$r(B
$BFI$_=P$9$3$H$,2DG=$G$9(B.  $B%+!<%M%k%a%b%j$+$iFI$_=P$;$k%G!<%?$K$O(B,
$B%m!<%+%k$b$7$/$O%j%b!<%H%7%9%F%`$K$*$$$F(B, $B9b$$%"%/%;%98"8B$rF@$k$?$a$K(B
$BMxMQ$G$-$k$h$&$J>pJs$r4^$s$G$$$k2DG=@-$,$"$j$^$9(B.

IV.  $B2sHrJ}K!(B - Workaround

top $B%f!<%F%#%j%F%#$+$i(B setgid $B%S%C%H$r:o=|$7$F$/$@$5$$(B.  $B$3$l$K$h$j(B,
$B%9!<%Q%f!<%6$H(B kmem $B%0%k!<%W$KB0$7$F$$$k%f!<%60J30$N%f!<%6$O(B
top $B%f!<%F%#%j%F%#$rMxMQ$G$-$J$/$J$k$H$$$&I{:nMQ$,$"$j$^$9(B.

# chmod g-s /usr/bin/top

V.   $B2r7h:v(B - Solution

$B<!$N$$$:$l$+$K=>$C$F$/$@$5$$(B.

1) $B<eE@$r;}$C$?(B FreeBSD $B%7%9%F%`$r(B, $B=$@5F|0J9_$N(B
   4.1.1-STABLE $B$b$7$/$O(B 3.5.1-STABLE $B$K%"%C%W%0%l!<%I$7$^$9(B.

2) $B2<$N=$@5%Q%C%A$rE,MQ$7(B, $B4XO"%U%!%$%k$r:F9=C[$7$F$/$@$5$$(B.

NOTE: The original version of this advisory contained an incomplete
patch which does not fully eliminate the security vulnerability. The
additional vulnerability was pointed out by Przemyslaw Frasunek
<venglin@freebsd.lublin.pl>.

$BCm0U(B: $B=iHG$N4+9p$GG[I[$5$l$?=$@5%Q%C%A$OIT40A4$G(B, tcpdump $B$KBP$9$k(B
      $B$9$Y$F$N%;%-%e%j%F%#>e$N<eE@$r=$@5$9$k$b$N$G$O$"$j$^$;$s$G$7$?(B.
      $B$=$N=$@5$5$l$F$$$J$+$C$?%;%-%e%j%F%#>e$N<eE@$O(B, Przemyslaw Frasunek
      <venglin@freebsd.lublin.pl> $B$N;XE&$K$h$C$FH/8+$5$l$?$b$N$G$9(B.

$B$3$N4+9p$r%U%!%$%k$KJ]B8$9$k$+(B, $B=$@5%Q%C%A$H(B PGP $B=pL>$r0J2<$N>l=j$+$i(B
$B%@%&%s%m!<%I$7(B, PGP $B%f!<%F%#%j%F%#$r;H$C$F=pL>$r3NG'$7$^$9(B.

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:62/top.patch.v1.1
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:62/top.patch.v1.1.asc

$B$=$7$F(B root $B8"8B$G<!$N%3%^%s%I$r<B9T$7$^$9(B.

# cd /usr/src/contrib/top
# patch -p < /path/to/patch_or_advisory
# cd /usr/src/usr.bin/top
# make depend && make all install

$B<eE@$r;}$C$?%7%9%F%`MQ$N=$@5%Q%C%A(B:

    Index: display.c
    ===================================================================
    RCS file: /mnt/ncvs/src/contrib/top/display.c,v
    retrieving revision 1.4
    retrieving revision 1.5
    diff -u -r1.4 -r1.5
    --- display.c	1999/01/09 20:20:33	1.4
    +++ display.c	2000/10/04 23:34:16	1.5
    @@ -829,7 +831,7 @@
         register int i;
     
         /* first, format the message */
    -    (void) sprintf(next_msg, msgfmt, a1, a2, a3);
    +    (void) snprintf(next_msg, sizeof(next_msg), msgfmt, a1, a2, a3);
     
         if (msglen > 0)
         {
    Index: top.c
    ===================================================================
    RCS file: /mnt/ncvs/src/contrib/top/top.c,v
    retrieving revision 1.4
    retrieving revision 1.5
    diff -u -r1.4 -r1.5
    --- top.c	1999/01/09 20:20:34	1.4
    +++ top.c	2000/10/04 23:34:16	1.5
    @@ -807,7 +809,7 @@
     				{
     				    if ((errmsg = kill_procs(tempbuf2)) != NULL)
     				    {
    -					new_message(MT_standout, errmsg);
    +					new_message(MT_standout, "%s", errmsg);
     					putchar('\r');
     					no_command = Yes;
     				    }
    Index: top.c
    ===================================================================
    RCS file: /mnt/ncvs/src/contrib/top/top.c,v
    retrieving revision 1.5
    retrieving revision 1.6
    diff -u -r1.5 -r1.6
    --- top.c  2000/10/04 23:34:16     1.5
    +++ top.c  2000/11/03 22:00:10     1.6
    @@ -826,7 +826,7 @@
                               {
                                   if ((errmsg = renice_procs(tempbuf2)) != NULL)
                                   {
    -                                  new_message(MT_standout, errmsg);
    +                                  new_message(MT_standout, "%s", errmsg);
                                       putchar('\r');
                                       no_command = Yes;
                                   }

$hrs: FreeBSD-SA/00:62,v 1.7 2000/11/07 00:43:14 hrs Exp $

----Next_Part(Tue_Nov__7_09:43:23_2000_809)----
