FreeBSD inetd wheel Group File Read

2001-01-29T00:00:00
ID OSVDB:1753
Type osvdb
Reporter dynamo(dynamo@ime.net)
Modified 2001-01-29T00:00:00

Description

Vulnerability Description

FreeBSD contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when inetd incorrectly sets group privileges on child processes, and when an ident request is received, the process is assigned privileges of the wheel (root group), which will disclose the first 16 bytes of any wheel-accessible file resulting in a loss of confidentiality.

Solution Description

Upgrade to version FreeBSD system to 3.5-STABLE or 4.2-STABLE after the correction date, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): disable the internal ident server, if enabled: comment out all lines beginning with "auth" in /etc/inetd.conf, then restart inetd by sending it a SIGHUP:

killall -HUP inetd

Short Description

FreeBSD contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when inetd incorrectly sets group privileges on child processes, and when an ident request is received, the process is assigned privileges of the wheel (root group), which will disclose the first 16 bytes of any wheel-accessible file resulting in a loss of confidentiality.

References:

Vendor URL: http://www.freebsd.org Vendor Specific Advisory URL Mail List Post: http://archives.neohapsis.com/archives/freebsd/2001-01/0493.html ISS X-Force ID: 6052 CVE-2001-0196 CIAC Advisory: l-038 Bugtraq ID: 2324