ports/57470: [SECURITY] port sysutils/cfengine2: remote root exploit
Oliver Eikemeier
eikemeier at fillmore-labs.com
Wed Oct 1 17:10:18 UTC 2003
>Number: 57470
>Category: ports
>Synopsis: [SECURITY] port sysutils/cfengine2: remote root exploit
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Wed Oct 01 10:10:15 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator: Oliver Eikemeier
>Release: FreeBSD 4.8-STABLE i386
>Organization:
Fillmore Labs - http://www.fillmore-labs.com
>Environment:
System: FreeBSD nuuk.fillmore-labs.com 4.8-STABLE
>Description:
cfengine < 2.0.8 seems to be vulnerable to a remote root exploit.
Port sysutils/cfengine2 has version 2.0.3; the port is part of the
upcoming 4.9 release.
The FreeBSD Security Officer Team was notified on September 30th, 2003.
>How-To-Repeat:
Advisories:
http://www.securityfocus.com/archive/1/339083
http://packetstormsecurity.nl/0309-advisories/cfengine.txt
http://www.securityfocus.com/bid/8699/
http://mail.gnu.org/archive/html/bug-cfengine/2003-08/msg00014.html
Exploit:
http://www.securityfocus.com/archive/1/339492 (Red Hat)
>Fix:
PR 56710 has an update to version 2.0.8p1, which is not vulnerable.
Otherwise the port should be marked forbidden until it is upgraded.
>Release-Note:
>Audit-Trail:
>Unformatted: