FreeBSD Orville-write Port Vulnerability

A vulnerability has been discovered in the Orville-write package as distributed through the FreeBSD ports system. The binary /usr/local/bin/huh is incorrectly installed setuid root. Combined with a buffer overrun, this may allow local users to gain root privileges.

The Orville-write package is not part of FreeBSD proper. It is available, without any claims about security, through the FreeBSD ports collection, and it is installed only if the user deliberately installs the port.
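A check for the condition described above, as an added example that is not part of the original advisory: it reports whether a file is setuid and owned by a given user, and lists all such files under a directory. The function names are hypothetical; only the path /usr/local/bin/huh comes from the advisory.

```shell
#!/bin/sh
# Added example, not from the advisory. Function names are hypothetical.

# has_setuid_owner FILE OWNER
# Returns 0 when FILE is a regular file that has the setuid bit set and is
# owned by OWNER (user name or numeric uid). Returns 1 otherwise, including
# when FILE does not exist.
has_setuid_owner() {
    [ -f "$1" ] || return 1
    # -prune stops find from descending; -perm -4000 matches the setuid bit.
    [ -n "$(find "$1" -prune -type f -perm -4000 -user "$2" 2>/dev/null)" ]
}

# list_setuid_owner DIR OWNER
# Prints, sorted, every regular file under DIR that is setuid and owned by
# OWNER, so unexpected entries can be reviewed against what the installed
# packages are supposed to ship.
list_setuid_owner() {
    find "$1" -type f -perm -4000 -user "$2" -print 2>/dev/null | sort
}

# Check the binary named in the advisory.
target=/usr/local/bin/huh
if has_setuid_owner "$target" root; then
    echo "$target: installed setuid root (matches the advisory)"
else
    echo "$target: not setuid root, or not installed"
fi
```

Running `list_setuid_owner /usr/local/bin root` extends the same check to everything installed from ports into that directory.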


