From security-officer@netbsd.org Tue Oct 8 04:35:38 2002 From: NetBSD Security Officer To: full-disclosure@lists.netsys.com Date: Tue, 08 Oct 2002 14:29:06 +0900 Subject: [Full-Disclosure] NetBSD Security Advisory 2002-022: buffer overrun in pic(1) -----BEGIN PGP SIGNED MESSAGE----- NetBSD Security Advisory 2002-022 ================================= Topic: buffer overrun in pic(1) Version: NetBSD-current: source prior to September 28, 2002 NetBSD 1.6: affected NetBSD-1.5.3: affected NetBSD-1.5.2: affected NetBSD-1.5.1: affected NetBSD-1.5: affected Severity: possible remote root compromise (depending on your config) Fixed: NetBSD-current: September 28, 2002 NetBSD-1.6 branch: October 3, 2002 (1.6.1 will include the fix) NetBSD-1.5 branch: September 28, 2002 Abstract ======== pic(1) had a buffer overrun in argument handling. The problem could be remotely exploited depending on lpd(8) setup. Technical Details ================= http://online.securityfocus.com/bid/3103 Solutions and Workarounds ========================= If you enable remote printing via lpd(8), the problem is remotely exploitable, and therefore severity is high. Even if you do not run remote printing via lpd(8), we encourage you to upgrade pic(1) binary to prevent opening up security hole with future reconfiguration. The following instructions describe how to upgrade your pic binaries by updating your source tree and rebuilding and installing a new version of pic. * NetBSD-current: Systems running NetBSD-current dated from before 2002-09-28 should be upgraded to NetBSD-current dated 2002-09-28 or later. The following directories need to be updated from the netbsd-current CVS branch (aka HEAD): gnu/dist/groff/src/preproc/pic To update from CVS, re-build, and re-install pic: # cd src # cvs update -d -P gnu/dist/groff/src/preproc/pic # cd gnu/usr.bin/groff/pic # make cleandir dependall # make install * NetBSD 1.6: Systems running NetBSD 1.6 beta sources dated from before 2002-10-03 should be upgraded from NetBSD 1.6 sources dated 2002-10-03 or later. The following directories need to be updated from the netbsd-1-6 CVS branch: gnu/dist/groff/src/preproc/pic To update from CVS, re-build, and re-install pic: # cd src # cvs update -d -P -r netbsd-1-6 gnu/dist/groff/src/preproc/pic # cd gnu/usr.bin/groff/pic # make cleandir dependall # make install * NetBSD 1.5, 1.5.1, 1.5.2, 1.5.3: Systems running NetBSD 1.5, 1.5.1, 1.5.2, or 1.5.3 sources dated from before 2002-09-28 should be upgraded from NetBSD 1.5.* sources dated 2002-09-28 or later. The following directories need to be updated from the netbsd-1-5 CVS branch: gnu/usr.bin/groff/pic To update from CVS, re-build, and re-install pic: # cd src # cvs update -d -P -r netbsd-1-5 gnu/usr.bin/groff/pic # cd gnu/usr.bin/groff/pic # make cleandir dependall # make install Thanks To ========= Thomas Klausner for notifying this issue to NetBSD security officers. Revision History ================ 2002-10-08 Initial release More Information ================ Advisories may be updated as new information comes to hand. The most recent version of this advisory (PGP signed) can be found at ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-022.txt.asc Information about NetBSD and NetBSD security can be found at http://www.NetBSD.ORG/ and http://www.NetBSD.ORG/Security/. Copyright 2002, The NetBSD Foundation, Inc. All Rights Reserved. $NetBSD: NetBSD-SA2002-022.txt,v 1.4 2002/10/08 03:43:36 itojun Exp $ -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: noconv iQCVAwUBPaJUcT5Ru2/4N2IFAQHNfAQAu95elTLMkyF8aiCKpelovy1XC+Fg56eF CppeFyw0GQ2wsOg3XeTm03yEULDUh5aFHgEzi0E6FTG/F+ffzCkMM2U/HXWFDUG4 f+QELInAGX3b6o97DEcGKvKKI3S13mW92x1a6hN1ziKRLzU5ga2rJS09FfRfM/pa HiWgkqhTiyU= =hBQY -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html