COMMAND

    UFS/EXT2FS

SYSTEMS AFFECTED

    unices

PROBLEM

    Sven Berkvens and Marc Olzheim found the following.  UFS is the Unix
    File System,  used by  default on  FreeBSD systems  and many other
    UNIX variants.   EXT2FS is  a filesystem  used by  default on many
    Linux systems, which is also available on FreeBSD.

    There exists a data consistency race condition which allows  users
    to obtain access to areas  of the filesystem containing data  from
    deleted files.   The filesystem  code is  supposed to  ensure that
    all  filesystem  blocks  are  zeroed  before becoming available to
    user processes, but in a  certain specific case this zeroing  does
    not occur, and unzeroed blocks  are passed to the user  with their
    previous contents intact.  Thus, if the block contains data  which
    used to be part of a file  or directory to which the user did  not
    have access, the operation results in unauthorized access to data.

    Unprivileged users  may obtain  access to  data which  was part of
    deleted files.

SOLUTION

    This problem  was corrected  prior to  the forthcoming  release of
    FreeBSD 4.3.  To patch your present system, download the relevant
    patch from the location below and execute the following commands
    as root:

        # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:30/fs.patch
        # fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:30/fs.patch.asc