
FreeBSD Eject package Exploitable Buffer Overflow Vulnerability

    eject

Affected

    Those using eject package

Description

    The following is based on FreeBSD Security Advisory FreeBSD-SA-00:49.
    Eject is a utility for ejecting the media from a CD or optical disk
    drive.

    The eject program is installed setuid root and contains several
    buffers that local users can overflow, yielding root privileges. Any
    unprivileged local user can therefore obtain root privileges on the
    system.

    If you have not installed the eject port/package, your system is not
    vulnerable to this problem.

Solution

    Deinstall the eject port/package if you have installed it, or
    restrict the file permissions on /usr/local/sbin/eject (e.g. remove
    the setuid bit, or limit execution to a trusted group).

    The fix is one of the following:

        1) Upgrade your entire ports collection and rebuild the eject
           port.
        2) Deinstall the old package and install a new package dated
           after the correction date, obtained from:
           ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/sysutils/eject-1.4.tgz
           ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/sysutils/eject-1.4.tgz
           ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/sysutils/eject-1.4.tgz
           ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/sysutils/eject-1.4.tgz
           ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/sysutils/eject-1.4.tgz
        3) Download a new port skeleton for the eject port from:
           http://www.freebsd.org/ports/
           and use it to rebuild the port.
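    As an added example (not part of the advisory), a POSIX shell script
    that checks whether the eject binary is installed setuid root and
    world-executable, and applies either permission mitigation from the
    Solution section. The path /usr/local/sbin/eject comes from the
    advisory; the trusted group name is whatever you pass in.

```shell
#!/bin/sh
# Audit the setuid-root eject binary from the advisory and apply either
# interim mitigation: strip the setuid bit, or keep it but restrict
# execution to a trusted group. Run as root to change a real binary.

EJECT=/usr/local/sbin/eject   # path taken from the advisory

# Permission string exactly as ls prints it, e.g. "-rwsr-xr-x".
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# 0 if the file exists and has the setuid bit set.
is_setuid() {
    [ -f "$1" ] && [ -u "$1" ]
}

# 0 if "other" may execute the file (10th column of the mode string).
world_exec() {
    [ "$(mode_of "$1" | cut -c10)" = x ]
}

# 0 if the owner uid is 0; ls -ln prints the numeric uid in column 3.
owned_by_root() {
    [ "$(ls -ln "$1" | awk '{print $3}')" = 0 ]
}

# Mitigation (a): drop the setuid bit so eject runs as the caller.
drop_setuid() {
    chmod u-s "$1" && ! is_setuid "$1"
}

# Mitigation (b): keep setuid root but allow execution only to members
# of the given trusted group (mode 4750: rwsr-x---).
restrict_to_group() {
    chgrp "$2" "$1" && chmod 4750 "$1" && ! world_exec "$1"
}

# Report on one binary. Returns 0 when it is not exposed (absent, not
# setuid, not root-owned, or not world-executable) and 1 when it is.
audit() {
    path=${1:-$EJECT}
    if [ ! -e "$path" ]; then
        echo "$path: not installed, not affected"; return 0
    fi
    if is_setuid "$path" && owned_by_root "$path" && world_exec "$path"; then
        echo "$path: $(mode_of "$path") setuid root, world-executable: EXPOSED"
        return 1
    fi
    echo "$path: $(mode_of "$path") ok"; return 0
}

if [ $# -gt 0 ]; then audit "$1"; fi
```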
