[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
- read forum
- new topic
- search

- meetings list
- recent additions
- add your info
 top 100 sites
- visit top sites
- sign up now
- members

- add your url
- add domain
- search box
- link to us

- our projects
- free email
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : Logdaemon/FreeBSD vulnerability in S/Key

Title: Logdaemon/FreeBSD vulnerability in S/Key
Released by: VENEMA
Date: 14th June 1995
Printable version: Click here
A vulnerability exists in my own S/Key software enhancements.  Since

these enhancements are in wide-spread use, a public announcement is 

appropriate.  The vulnerability affects the following products:

        FreeBSD version

        FreeBSD version 2.0

        logdaemon versions before 4.9

I recommend that users of this software follow the instructions given

below in section III. 

- -----------------------------------------------------------------------------

I.   Description

     An obscure oversight was found in software that I derived from

     the S/Key software from Bellcore (Bell Communications Research).

     Analysis revealed that my oversight introduces a vulnerability.

     Note: the vulnerability is not present in the original S/Key

     software from Bellcore.

II.  Impact

     Unauthorized users can gain privileges of other users, possibly

     including root.

     The vulnerability can be exploited only by users with a valid

     account. It cannot be exploited by arbitrary remote users.

     The vulnerability can affect all FreeBSD and FreeBSD 2.0

     implementations and all Logdaemon versions before 4.9. The problem

     exists only when S/Key logins are supported (which is the default

     for FreeBSD). Sites with S/Key logins disabled are not vulnerable.

III. Solution

     Logdaemon users: 


        Upgrade to version 4.9

            URL http://ftp.win.tue.nl/pub/security/logdaemon-4.9.tar.gz.

            MD5 checksum 3d01ecc63f621f962a0965f13fe57ca6

        To plug the hole, build and install the ftpd, rexecd and login

        programs. If you installed the keysu and skeysh commands, these

        need to be replaced too.

     FreeBSD and FreeBSD 2.0 users: 


        Retrieve the corrected files that match the system you are


            URL http://ftp.cdrom.com/pub/FreeBSD/CERT/libskey-

            MD5 checksum bf3a8e8e10d63da9de550b0332107302

            URL http://ftp.cdrom.com/pub/FreeBSD/CERT/libskey-2.0.tgz

            MD5 checksum d58a17f4216c3ee9b9831dbfcff93d29

        Unpack the tar archive and follow the instructions in the

        README file.

     FreeBSD current users:  


        Update your /usr/src/lib/libskey sources and rebuild and

        install libskey (both shared and non-shared versions).

        The vulnerability has been fixed with FreeBSD 2.0.5.

(C) 1999-2000 All rights reserved.