[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
 
 discussions
- read forum
- new topic
- search
 

 meetings
- meetings list
- recent additions
- add your info
 
 top 100 sites
- visit top sites
- sign up now
- members
 
 webmasters

- add your url
- add domain
- search box
- link to us

 
 projects
- our projects
- free email
 
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : Logdaemon/FreeBSD vulnerability in S/Key

Title: Logdaemon/FreeBSD vulnerability in S/Key
Released by: VENEMA
Date: 14th June 1995
Printable version: Click here 
A vulnerability exists in my own S/Key software enhancements.  Since

these enhancements are in wide-spread use, a public announcement is 

appropriate.  The vulnerability affects the following products:



        FreeBSD version 1.1.5.1

        FreeBSD version 2.0

        logdaemon versions before 4.9



I recommend that users of this software follow the instructions given

below in section III. 



- -----------------------------------------------------------------------------



I.   Description



     An obscure oversight was found in software that I derived from

     the S/Key software from Bellcore (Bell Communications Research).

     Analysis revealed that my oversight introduces a vulnerability.



     Note: the vulnerability is not present in the original S/Key

     software from Bellcore.



II.  Impact



     Unauthorized users can gain privileges of other users, possibly

     including root.



     The vulnerability can be exploited only by users with a valid

     account. It cannot be exploited by arbitrary remote users.



     The vulnerability can affect all FreeBSD 1.1.5.1 and FreeBSD 2.0

     implementations and all Logdaemon versions before 4.9. The problem

     exists only when S/Key logins are supported (which is the default

     for FreeBSD). Sites with S/Key logins disabled are not vulnerable.



III. Solution



     Logdaemon users: 

     ================

        Upgrade to version 4.9



            URL http://ftp.win.tue.nl/pub/security/logdaemon-4.9.tar.gz.

            MD5 checksum 3d01ecc63f621f962a0965f13fe57ca6



        To plug the hole, build and install the ftpd, rexecd and login

        programs. If you installed the keysu and skeysh commands, these

        need to be replaced too.



     FreeBSD 1.1.5.1 and FreeBSD 2.0 users: 

     ======================================

        Retrieve the corrected files that match the system you are

        running:



            URL http://ftp.cdrom.com/pub/FreeBSD/CERT/libskey-1.1.5.1.tgz

            MD5 checksum bf3a8e8e10d63da9de550b0332107302



            URL http://ftp.cdrom.com/pub/FreeBSD/CERT/libskey-2.0.tgz

            MD5 checksum d58a17f4216c3ee9b9831dbfcff93d29



        Unpack the tar archive and follow the instructions in the

        README file.



     FreeBSD current users:  

     ======================

        Update your /usr/src/lib/libskey sources and rebuild and

        install libskey (both shared and non-shared versions).



        The vulnerability has been fixed with FreeBSD 2.0.5.






(C) 1999-2000 All rights reserved.