• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Multiple Vendor BSD pppd Arbitrary File Permission Modification Race Condition Vulnerability

Solution:
NetBSD has reissued their advisory. Users are strongly urged to upgrade systems to NetBSD 1.6 which is not vulnerable to this issue. Further details are available in the referenced advisory.

Patches are available:


OpenBSD OpenBSD 3.1

• OpenBSD 011_pppd.patch
  ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/011_pppd.patch

OpenBSD OpenBSD 3.0

• OpenBSD 028_pppd.patch
  ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.0/common/028_pppd.patch

FreeBSD FreeBSD 4.4

• FreeBSD pppd.patch
  The following commands must be executed as the root user:# cd /usr/src# patch < /path/to/patch# cd /usr/src/usr.sbin/pppd# make depend && make && make install
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:32/pppd.patch

FreeBSD FreeBSD 4.4 -STABLE

• FreeBSD pppd.patch
  The following commands must be executed as the root user:# cd /usr/src# patch < /path/to/patch# cd /usr/src/usr.sbin/pppd# make depend && make && make install
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:32/pppd.patch

FreeBSD FreeBSD 4.4 -RELENG

• FreeBSD pppd.patch
  The following commands must be executed as the root user:# cd /usr/src# patch < /path/to/patch# cd /usr/src/usr.sbin/pppd# make depend && make && make install
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:32/pppd.patch

FreeBSD FreeBSD 4.5 -STABLE

• FreeBSD pppd.patch
  The following commands must be executed as the root user:# cd /usr/src# patch < /path/to/patch# cd /usr/src/usr.sbin/pppd# make depend && make && make install
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:32/pppd.patch

FreeBSD FreeBSD 4.5

• FreeBSD pppd.patch
  The following commands must be executed as the root user:# cd /usr/src# patch < /path/to/patch# cd /usr/src/usr.sbin/pppd# make depend && make && make install
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:32/pppd.patch

FreeBSD FreeBSD 4.5 -RELEASE

• FreeBSD pppd.patch
  The following commands must be executed as the root user:# cd /usr/src# patch < /path/to/patch# cd /usr/src/usr.sbin/pppd# make depend && make && make install
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:32/pppd.patch

FreeBSD FreeBSD 4.6

• FreeBSD pppd.patch
  The following commands must be executed as the root user:# cd /usr/src# patch < /path/to/patch# cd /usr/src/usr.sbin/pppd# make depend && make && make install
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:32/pppd.patch

FreeBSD FreeBSD 4.6 -RELEASE

• FreeBSD pppd.patch
  The following commands must be executed as the root user:# cd /usr/src# patch < /path/to/patch# cd /usr/src/usr.sbin/pppd# make depend && make && make install
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:32/pppd.patch

FreeBSD FreeBSD 4.6 -STABLE

• FreeBSD pppd.patch
  The following commands must be executed as the root user:# cd /usr/src# patch < /path/to/patch# cd /usr/src/usr.sbin/pppd# make depend && make && make install
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:32/pppd.patch