FreeBSD healthd Local Overflow

2000-04-10T00:00:00
ID OSVDB:606
Type osvdb
Reporter OSVDB
Modified 2000-04-10T00:00:00

Description

Vulnerability Description

A local overflow exists in FreeBSD healthd. This small utility for monitoring the temperature, fan speed and voltage levels of certain motherboards is subject to a boundary condition error resulting in a buffer overflow. With a specially crafted request, an attacker can obtain root privileges resulting in a loss of integrity.

Solution Description

Upgrade to FreeBSD 4.1, or upgrade healthd specifically to the corrected 0.3 port, which has been reported to fix this vulnerability. Alternatively, as a workaround, remove the healthd port with make deinstall.

The vendor has updated the package without increasing the version number. Be sure your installation is from the latest available package.

References:

Vendor URL: http://www.freebsd.org
Vendor URL: http://healthd.thehousleys.net/
Vendor Specific Advisory URL
ISS X-Force ID: 4281
CVE-2000-0294
Bugtraq ID: 1107