Vulnerability

    brouted

Affected

    brouted

Description

    Following  is  based  on  a  FreeBSD-SA-00:43 Security Advisory by
    FreeBSD.  The brouted  port is incorrectly installed  setgid kmem,
    and contains several exploitable buffer overflows in  command-line
    arguments.  An  attacker exploiting these  to gain kmem  privilege
    can  easily  upgrade  to  full  root access by manipulating kernel
    memory.

    The brouted port is not installed  by default, nor is it "part  of
    FreeBSD" as  such: it  is part  of the  FreeBSD ports  collection.
    The  ports  collections  shipped  with  FreeBSD  3.5-RELEASE   and
    4.1-RELEASE contain  this problem,  since it  was discovered after
    the releases during internal auditing.

Solution

    Execute the following command as root to remove the setgid bit  on
    the /usr/local/sbin/brouted file:

        # chmod g-s /usr/local/bin/brouted

    Solutio is one of the following:

        1) Upgrade  your  entire  ports  collection  and  rebuild  the
           brouted port
        2) Deinstall the old package  and install a new package  dated
           after the correction date, obtained from:
           ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/brouted-1.2b.tgz
           ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/brouted-1.2b.tgz
           ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/net/brouted-1.2b.tgz
           ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/brouted-1.2b.tgz
           ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/net/brouted-1.2b.tgz
        3) download a new port skeleton for the brouted port from:
           http://www.freebsd.org/ports/
           and use it to rebuild the port.