Monday, August 11, 2003

Vulnerability in Realpath(3) Function Could Lead to Remote Root Compromise

I just read the FreeBSD security advisory on the realpath(3) function, which "is used to determine the canonical, absolute pathname from a given pathname which may contain extra '/' characters, references to '/./' or '/../', or references to symbolic links. The realpath(3) function is part of the FreeBSD Standard C Library. . . Applications using realpath(3) MAY be vulnerable to denial of service attacks, remote code execution, and/or privilege escalation."


This is a problem because all releases of FreeBSD up to and including 4.8-RELEASE and 5.0-RELEASE are affected, and OpenSSH is listed as one of the programs affected by this bug. The fix is to upgrade your system to 5.1-RELEASE or to the respective security releases of 4.7-RELEASE and 4.8-RELEASE, or to apply the patch given in the advisory.


This FreeBSD-specific warning builds on advisories released by ISEC and CERT. There seems to be a spike in port 22 TCP scans as reported by Incidents.org near the day ISEC released their advisory.
