In association with heise online

16 January 2008, 15:20

Security updates for FreeBSD

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The developers of FreeBSD have published updates for several vulnerabilities in the open source operating system that allows denial of service attacks against affected systems, remote code execution, or access to confidential information.

An "off-by-one" error in the inet_network() function, which is used to resolve domain names to IP addresses and vice versa, can lead to a buffer overflow if specially chosen parameters are passed to the function. This can result in code injection into the program calling the function. The attack could be mounted remotely against any server using the function.

A separate vulnerability allows an attacker to read information from another user's terminal. The openpty() function does not set the access permissions for opened pseudo terminals correctly, making them world readable. Users can therefore read text output from other unprivileged users' terminals, although not from those of the superuser, root. An error in ptsname() enables users with a restricted pseudo terminal to take over the pt_chown() function and to read text output. When a terminal is attacked in this way, text no longer appears on the original user's screen, alerting the user to the attack.

The problem in handling pseudo-terminals affects FreeBSD 5.0 and 6.0 and later versions; the domain name resolution error affects FreeBSD 6.2. The developers recommend that administrators either upgrade to the 7.0-PRERELEASE, 6-STABLE, RELENG_7_0, RELENG_6_3 or RELENG_6_2 security branch or download and install the patches, which are linked to in the security advisory. The latest versions of the 5-STABLE, RELENG_6_1 or RELENG_5_5 security branch will patch the pseudo terminal security holes.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit