Home page logo
/

bugtraq logo Bugtraq mailing list archives

NetBSD Security Advisory 2002-025: trek(6) buffer overrun
From: NetBSD Security Officer <security-officer () netbsd org>
Date: Thu, 24 Oct 2002 18:42:06 +0900

-----BEGIN PGP SIGNED MESSAGE-----


                 NetBSD Security Advisory 2002-025
                 =================================

Topic:          trek(6) buffer overrun

Version:        NetBSD-current: source prior to October 19, 2002
                NetBSD 1.6:     affected (no real harm)
                NetBSD-1.5.3:   affected
                NetBSD-1.5.2:   affected
                NetBSD-1.5.1:   affected
                NetBSD-1.5:     affected

Severity:       Local user can elevate privileges to group "games"

Fixed:          NetBSD-current:         October 19, 2002
                NetBSD-1.6 branch:      October 22, 2002
                NetBSD-1.5 branch:      October 19, 2002


Abstract
========

There is a buffer overflow in the processing of keyboard input by trek(6).

On NetBSD 1.5 and prior, trek(6) is executed via dm(8), so a malicious
local user could elevate privilege to group "games".

On NetBSD 1.6 and NetBSD-current systems, trek(6) will terminate if
the input is too long.


Technical Details
=================

When trek(6) reads in keyboard input, a bounds check was not performed
correctly.  If more than 100 characters are entered, a buffer overrun
occurs.


Solutions and Workarounds
=========================

For NetBSD 1.5 systems, the easiest solution is to stop providing trek(6)
to users:
        # rm /usr/games/trek
        # rm /usr/games/hide/trek

NetBSD 1.6 and -current do not use dm(8) for executing trek(6), so no
real harm will be done - the trek program executes only with the
user's existing privileges.


The following instructions describe how to upgrade your trek(6)
binaries by updating your source tree and rebuilding and
installing a new version of trek(6).

* NetBSD-current:

        Systems running NetBSD-current dated from before 2002-10-19
        should be upgraded to NetBSD-current dated 2002-10-19 or later.

        The following directories need to be updated from the
        netbsd-current CVS branch (aka HEAD):
                games/trek

        To update from CVS, re-build, and re-install trek(6):
                # cd src
                # cvs update -d -P games/trek
                # cd games/trek

                # make cleandir dependall
                # make install


* NetBSD 1.6:

        Systems running NetBSD 1.6 sources dated from before
        2002-10-22 should be upgraded from NetBSD 1.6 sources dated
        2002-10-22 or later.

        NetBSD 1.6.1 will include the fix.

        The following directories need to be updated from the
        netbsd-1-6 CVS branch:
                games/trek

        To update from CVS, re-build, and re-install trek(6):

                # cd src
                # cvs update -d -P -r netbsd-1-6 games/trek
                # cd games/trek

                # make cleandir dependall
                # make install


* NetBSD 1.5, 1.5.1, 1.5.2, 1.5.3:

        Systems running NetBSD 1.5, 1.5.1, 1.5.2, or 1.5.3 sources dated
        from before 2002-10-19 should be upgraded from NetBSD 1.5.*
        sources dated 2002-10-19 or later.

        The following directories need to be updated from the
        netbsd-1-5 CVS branch:
                games/trek

        To update from CVS, re-build, and re-install trek(6):

                # cd src
                # cvs update -d -P -r netbsd-1-5 games/trek
                # cd games/trek

                # make cleandir dependall
                # make install


Thanks To
=========

Niels Heinen for reporting this problem.


Revision History
================

        2002-10-24      Initial release


More Information
================

Advisories may be updated as new information comes to hand.  The most
recent version of this advisory (PGP signed) can be found at 
  ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-025.txt.asc

Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.ORG/ and http://www.NetBSD.ORG/Security/.


Copyright 2002, The NetBSD Foundation, Inc.  All Rights Reserved.

$NetBSD: NetBSD-SA2002-025.txt,v 1.6 2002/10/23 08:08:42 itojun Exp $


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAwUBPbe2cT5Ru2/4N2IFAQFazQP/VEeJ23ynJgArHib+U/XCStkKMEfV/X4T
84EpzCgIPo0Q3Kpr1DISuuv4XAzGcg+dTAVqJXWU0y8eNwBsp10OYW7cDCrYJ8sZ
AheCwKmnhfmKVrtqpDZ4rZKoswJoZhnisqe2FfLNqfFimi5wb0VY4vJzN8NSIV1I
OzeoPQja22I=
=CW7U
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
  • NetBSD Security Advisory 2002-025: trek(6) buffer overrun NetBSD Security Officer (Oct 24)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]