FreeBSD-SA-01:21 Security Advisory

by Phiber on February 8th, 2001

The ja-elvis and ko-helvis ports, versions prior to ja-elvis-1.8.4_1 and ko-helvis-1.8h2_1, contain an exploitable buffer overflow in the elvrec utility. Because elvrec is setuid root, unprivileged local users may gain root privileges on the local system.


The ja-elvis and ko-helvis ports are not installed by default, nor
are they "part of FreeBSD" as such: they are part of the FreeBSD
ports collection, which contains over 4500 third-party applications
in a ready-to-install format. The ports collections shipped with
FreeBSD 3.5.1 and 4.2 contain this problem since it was discovered
after the releases.



FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security
audit of the most security-critical ports.



Quick Fix:
Upgrade your entire ports collection and rebuild the ja-elvis or
ko-helvis port. Another fix is available in the full advisory.
