-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:17 Security Advisory FreeBSD, Inc. Topic: mod_frontpage port contains exploitable buffer overflow Category: ports Module: mod_frontpage Announced: 2002-03-12 Credits: Martin Blapp Affects: mod_frontpage port prior to version mod_portname-1.6.1 Corrected: 2002-02-05 16:18:42 2002 UTC FreeBSD only: NO I. Background mod_frontpage is a replacecement for Microsoft's frontpage apache patch to support FP extensions. It is installed as a DSO module. II. Problem Description Affected versions of the mod_frontpage port contains several exploitable buffer overflows in the fpexec wrapper, which is installed setuid root. The mod_frontpage port is not installed by default, nor is it "part of FreeBSD" as such: it is part of the FreeBSD ports collection, which contains over 6000 third-party applications in a ready-to-install format. The ports collection shipped with FreeBSD 4.5 contains this security problem since it was discovered after the release. FreeBSD makes no claim about the security of these third-party applications, although an effort is underway to provide a security audit of the most security-critical ports. III. Impact A local attacker may obtain superuser privileges by exploiting the buffer overflow bugs in fpexec. IV. Workaround 1) Deinstall the mod_frontpage ports/packages if you have them installed. V. Solution Do one of the following: 1) Upgrade your entire ports collection and rebuild the port. 2) Deinstall the old package and install a new package dated after the correction date, obtained from the following directories: [i386] ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/ [alpha] Packages are not automatically generated for the alpha architecture at this time due to lack of build resources. NOTE: It may be several days before updated packages are available. 3) Download a new port skeleton for the mod_frontpage port from: http://www.freebsd.org/ports/ and use it to rebuild the port. 4) Use the portcheckout utility to automate option (3) above. The portcheckout port is available in /usr/ports/devel/portcheckout or the package can be obtained from: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/Latest/portcheckout.tgz VI. Correction details The following list contains the $FreeBSD$ revision numbers of each file that was corrected in the FreeBSD source. Path Revision - ------------------------------------------------------------------------- ports/www/mod_frontpage/Makefile 1.7 ports/www/mod_frontpage/distinfo 1.4 ports/www/mod_frontpage/files/patch-Makefile.PL 1.3 ports/www/mod_frontpage/files/patch-Makefile.in 1.1 ports/www/mod_frontpage/files/patch-mod_frontpage.c 1.4 - ------------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iQCVAwUBPI4O11UuHi5z0oilAQF43wQAlp8eUBSGRLb1ggNxDVwzvB40ZEOWrIB0 6P3xIvUW6bFXsHgrBm+WuF7evUm8K85hs1QPp4nDUSdgWArxP9izdSXMKsJ0rtkA RAeDMgpMOsDoQaKl9ljDVFbf9xs3hTO6S3UsRaRuQeTvcqhsKRZNbUvOVrAULEOG GZ6n2CFh+Rk= =sCnv -----END PGP SIGNATURE-----