FreeBSD Security Advisory: FreeBSD-SA-00:13.generic-nqs

FreeBSD Security Officer security-officer at
Wed Apr 19 14:26:51 PDT 2000


FreeBSD-SA-00:13                                           Security Advisory
                                                                FreeBSD, Inc.

Topic:		generic-nqs contains a local root compromise

Category:       ports
Module:         generic-nqs
Announced:      2000-04-19
Credits:	Philippe Andersson <philippe_andersson at STE.SCITEX.COM>
		via BugTraq
Affects:        Ports collection before the correction date.
Corrected:      2000-04-16
Vendor status:	Updated version released.
FreeBSD only:   NO

I.   Background

Generic-NQS is a Network Queuing System for batch-processing jobs across
multiple machines.

II.  Problem Description

Generic-NQS versions 3.50.7 and earlier contain a security vulnerability
which allows a local user to easily obtain root privileges. Unfortunately,
further details of the location and nature of the vulnerability were not
provided by the original poster, upon request of the Generic-NQS

The generic-nqs port is not installed by default, nor is it "part of
FreeBSD" as such: it is part of the FreeBSD ports collection, which
contains over 3200 third-party applications in a ready-to-install
format. The ports collection shipped with FreeBSD 4.0 contains this
problem since it was discovered after the release.

FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security
audit of the most security-critical ports.

III. Impact

A local user can obtain root privileges by exploiting a vulnerability
in the generic-nqs package.

If you have not chosen to install the generic-nqs port/package, then your
system is not vulnerable to this problem.
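
The following triage script is an added example, not part of the original
advisory. It reads a package listing and reports whether generic-nqs is
present at version 3.50.7 or earlier. The "<name>-<version>" line format
(as printed by pkg_info) and the function names are assumptions.

```shell
#!/bin/sh
# Added example: triage for FreeBSD-SA-00:13 from a package listing.
# Assumption: each input line starts with "<name>-<version>", the shape
# printed by pkg_info. The advisory names no fixed version, so anything
# newer than 3.50.7 is reported only as "later", not as known-good.

LAST_BAD="3.50.7"   # advisory: "versions 3.50.7 and earlier"

# ver_le A B: succeed if dotted version A <= B, comparing fields as numbers
# (so 3.50.10 is newer than 3.50.7; a missing field counts as 0).
ver_le() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0} y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 0
}

# nqs_status: read a package listing on stdin and print one of
#   "absent", "affected <version>", "later <version>".
nqs_status() {
    found=absent
    while read -r pkg _rest; do
        case $pkg in
            generic-nqs-[0-9]*)
                ver=${pkg#generic-nqs-}
                # Drop any non-numeric suffix before comparing.
                ver=$(printf '%s' "$ver" | sed 's/[^0-9.].*$//')
                if ver_le "$ver" "$LAST_BAD"; then
                    found="affected $ver"
                else
                    found="later $ver"
                fi ;;
        esac
    done
    printf '%s\n' "$found"
}
```

Feed it the installed-package listing on the host being checked, for
example: pkg_info | nqs_status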

IV.  Workaround

Remove the generic-nqs port, if you have installed it.

V.   Solution

1) Upgrade your entire ports collection and rebuild the generic-nqs port.

2) Reinstall a new package dated after the correction date, obtained from:

Note that it may be a few days before the updated package is available.

3) Download a new port skeleton for the generic-nqs port from:

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:


This is the moderated mailing list freebsd-announce.
The list contains announcements of new FreeBSD capabilities,
important events and project milestones.