Security updates for FreeBSD
The FreeBSD developers report two vulnerabilities in system tools shipped with their operating system. GNU tar (gtar) does not adequately check the path components .. and . in member names when it unpacks an archive, so a crafted archive can write outside the extraction directory and overwrite files with the rights of the user running tar. The hole has been known for some three months. As a workaround the developers recommend using bsdtar, which has been the default tar on FreeBSD since 5.3 anyway; a patch for GNU tar has nonetheless now been made available.
There is also a problem with the internal state tracking in the random and urandom pseudo-random number generators, which apparently allows attackers to obtain previously generated random numbers. According to the advisory, however, local access to the system is required to bypass security mechanisms via this flaw. All FreeBSD versions are affected; a patch has been released to remedy the problem.
- gtar directory traversal vulnerability, FreeBSD's security advisory
- Random value disclosure, FreeBSD's security advisory
(mba)