|
Vulnerability brouted Affected brouted Description Following is based on a FreeBSD-SA-00:43 Security Advisory by FreeBSD. The brouted port is incorrectly installed setgid kmem, and contains several exploitable buffer overflows in command-line arguments. An attacker exploiting these to gain kmem privilege can easily upgrade to full root access by manipulating kernel memory. The brouted port is not installed by default, nor is it "part of FreeBSD" as such: it is part of the FreeBSD ports collection. The ports collections shipped with FreeBSD 3.5-RELEASE and 4.1-RELEASE contain this problem, since it was discovered after the releases during internal auditing. Solution Execute the following command as root to remove the setgid bit on the /usr/local/sbin/brouted file: # chmod g-s /usr/local/bin/brouted Solutio is one of the following: 1) Upgrade your entire ports collection and rebuild the brouted port 2) Deinstall the old package and install a new package dated after the correction date, obtained from: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/brouted-1.2b.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/brouted-1.2b.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/net/brouted-1.2b.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/brouted-1.2b.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/net/brouted-1.2b.tgz 3) download a new port skeleton for the brouted port from: http://www.freebsd.org/ports/ and use it to rebuild the port.