COMMAND
GNQS
SYSTEMS AFFECTED
GNQS 3.50.6 and 3.50.7
PROBLEM
Philippe Andersson posted following. A large security hole was
uncovered last month in Generic-NQS ver. 3.50.6 and 3.50.7. This
hole leads to immediate local root compromise.
On the request of GNQS Maintainer, Stuart Herbert Philipe will
not release the actual exploit technique, since it would allow
any 5-year old with an shell account on the affected system(s) to
gain root in no time. Credit for the discovery goes to Gilbert
Mets.
SOLUTION
All users of vulnerable versions are requested to upgrade to ver.
3.50.8 or later ASAP. The updated package can be downloaded from:
http://ftp.gnqs.org/pub/gnqs/latest/production/Generic-NQS-3.50.9.tar.gz
Users of previous versions are not vulnerable. The fix introduced
in ver. 3.50.8 will also log any attempt at exploiting the
vulnerability. For FreeBSD:
1) Upgrade your entire ports collection and rebuild the
generic-nqs port.
2) Reinstall a new package dated after the correction date,
obtained from:
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/generic-nqs-3.50.9.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/generic-nqs-3.50.9.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/net/generic-nqs-3.50.9.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/generic-nqs-3.50.9.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/net/generic-nqs-3.50.9.tgz
3) download a new port skeleton for the generic-nqs port from:
http://www.freebsd.org/ports/
and use it to rebuild the port.
4) Use the portcheckout utility to automate option (3) above.
The portcheckout port is available in
/usr/ports/devel/portcheckout or the package can be
obtained from:
ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz