Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!metro!metro!asstdc.scgt.oz.au!nsw.news.telstra.net!act.news.telstra.net!psgrain!newsfeed.internetmci.com!in3.uu.net!omega.metrics.com!omega.metrics.com!not-for-mail
From: polk@BSDI.COM
Newsgroups: comp.unix.bsd.bsdi.announce
Subject: BSDI: *SECURITY* patch for rdist, note about U210-017
Followup-To: comp.unix.bsd.bsdi.misc
Date: 5 Sep 1996 08:16:22 -0400
Organization: Software Metrics Inc.
Lines: 233
Sender: tomh@omega.metrics.com
Approved: tomh@metrics.com
Message-ID: <50mgam$2sc@omega.metrics.com>
NNTP-Posting-Host: omega.metrics.com

[Clearing a backlog of unposted articles ... my apologies. --th]

New patch
---------

There is a new patch U210-018 which fixes the recently discovered holes
in the /usr/bin/rdist program. There are actually two versions of this
patch: U210-018 for all systems except those running Kerberos, and
D210-018 for systems which are running Kerberos. You should only install
one of the two versions of the patch.

One of the problems fixed by this patch was recently reported in an 8lgm
advisory ([8lgm]-Advisory-26.UNIX.rdist.20-3-1996), and an exploitation
program has been posted in various forums which enables local users to
gain root privileges.

The README entries for the new patches along with their md5 checksums are
below. As always, there are pgp signatures in the signatures subdirectory
of the patches-2.1 directory on the ftp/patches servers.

Perl Patch Correction
---------------------

The perl patch U210-017 was also updated on July 9. The only change in
the patch is to remove the executable bits from the old versions of the
binaries after they are renamed.
If you have retrieved and installed the older version of the patch, you
should remove the execute bits from the old binaries immediately with the
following command (as root):

	chmod 444 /usr/bin/suidperl.orig /usr/contrib/bin/sperl5.orig

Any binaries replaced in future patches will be automatically disabled
as they are renamed.

The new README file entry for U210-017 (with its new md5 checksum) is
below. The PGP signature has also been updated on the ftp/patches
servers.

Jeff

--
 /\    Jeff Polk        Berkeley Software Design, Inc. (BSDI)
/\/ \  polk@BSDI.COM    5575 Tech Center Dr. #110, Colo Spgs, CO 80919

===================================================================
PATCH: U210-017

SUMMARY: This patch addresses the security issues as discussed in
CERT(sm) Advisory CA-96.12 Vulnerability in suidperl for BSD/OS 2.1.

md5 checksum: 6224ff121b16bd8f990345b5e1f388df U210-017

===================================================================
PATCH: D210-018 U210-018

SUMMARY: This patch addresses a security problem in the rdist program.

If you have not installed the Kerberos package, install the U210-018
version of this patch. You do NOT need to install the D210-018 version
unless you are running Kerberos.

If you are running Kerberos, you should install the D210-018 version of
the patch instead of the U210-018 version.

Both versions of the patch install the same binary (/usr/bin/rdist), so
installing the second version of the patch will over-write whichever was
installed first.

THE D210-018 VERSION OF THIS PATCH IS FOR THE KERBEROS PACKAGE FROM THE
DOMESTIC FLOPPY. IT CONTAINS DES CODE AND MAY NOT BE LEGALLY EXPORTED
FROM THE UNITED STATES WITHOUT A SPECIFIC LICENSE.
md5 checksum: b2060ec4eb9b18ace4e76bcb9441353f D210-018
md5 checksum: 86005d8bbb67eb737120741bd254d26a U210-018

===================================================================

From polk@external.BSDI.COM Fri Aug 9 19:35:29 1996
Received: from relay4.UU.NET by omega.metrics.com (8.6.12/1.37)
	id PAA20325; Fri, 9 Aug 1996 15:35:05 -0400
Received: from external.BSDI.COM by relay4.UU.NET with ESMTP
	(peer crosschecked as: external.BSDI.COM [205.230.225.2])
	id QQbcbe17014; Fri, 9 Aug 1996 15:34:40 -0400 (EDT)
Received: (from polk@localhost) by external.BSDI.COM (8.7.4/8.7.3)
	id NAA16778; Fri, 9 Aug 1996 13:30:53 -0600 (MDT)
Date: Fri, 9 Aug 1996 13:30:53 -0600 (MDT)
Message-Id: <199608091930.NAA16778@external.BSDI.COM>
To: customers@bsdi.com
Subject: New patches for BSD/OS 2.1, one security related
From: polk@BSDI.COM
Status: O

New patches
-----------

There are several new patches available from the patches@bsdi.com server
or via the ftp archive at

	ftp://ftp.bsdi.com/bsdi/patches/patches-2.1

Two of the kernel patches (K210-018 and K210-020) fix problems which may
result in kernel panics. The other kernel patch (K210-019) and the user
level patch (U210-019) are performance enhancements. See the description
below. The U210-020 user-level patch doesn't really replace anything, it
just changes permissions on http daemon config files. The README file
entries for the new patches are also appended.

The K210-019 is the first patch for 2.1 which is not available via
ANONYMOUS ftp. Only customers with valid service or upgrade contracts
may retrieve this patch. Customers may retrieve the patch via email to
patches@BSDI.COM or via ftp once you have obtained a key from the
patches@BSDI.COM server. Send an empty email message to patches@BSDI.COM
for complete instructions on using the server.

The most common cause of problems with the patches email server is an
incorrect email address in your customer record.
If your service contract is `not found' or if you don't get any response
from the server, your registered address may be incorrect. To update your
registered email address, contact admin@bsdi.com or call BSDI at
719-593-9445. Be sure to have your customer number available if possible.

Networking Performance Enhancements
-----------------------------------

The K210-019 patch provides a significant improvement to TCP performance
under heavy load -- such as when running heavily loaded HTTP servers. A
133 MHz Pentium can handle 326 connections per second with a network
throughput of 17.5 Mbits per second (as measured by WebStone 1.1). With
these patches BSD/OS significantly outperforms the Microsoft IIS running
on Windows NT (see our benchmark report at
http://www.bsdi.com/products/internet-server/benchmarks for complete
details).

Jeff

--
 /\    Jeff Polk        Berkeley Software Design, Inc. (BSDI)
/\/ \  polk@BSDI.COM    5575 Tech Center Dr. #110, Colo Spgs, CO 80919

===================================================================
PATCH: K210-018

SUMMARY: This patch supersedes the informal patch K210-rtsock. In
addition to the leftover pointer to a freed block, this patch fixes
incorrect handling of the gateway route. In some cases an incorrect
route was returned by rtrequest() which actually used a block of memory
which had been freed. This resulted in a system crash. One symptom of
the bugs fixed by this patch is that the value which caused the crash is
sometimes equal to 0xc0001.

md5 checksum: a23c5691c4a587a87b1ce678d576f432 K210-018

===================================================================
PATCH: K210-019

SUMMARY: This patch adds several TCP performance enhancements.

	o PCB hashing
	o Optimized delayed ACK processing
	o Optimized TIME-WAIT state processing
	o Initial congestion window fixes
	o Eliminate sending small packets when more data is waiting to be
	  copied from the application, but don't delay them unnecessarily
	  when there isn't.
This patch also includes a new kernel config option, INET_SERVER. Turning
on this option will cause the PCB hashing code to use a much larger hash
table. Typically this would be useful on busy WEB servers.

md5 checksum: 9527c357be5a70f718236073a66fad94 K210-019

===================================================================
PATCH: K210-020

SUMMARY: Fixes certain kernel page fault panics which may occur when
mounting and unmounting filesystems.

md5 checksum: f219909d9f9617e7f40d1b9460315bb1 K210-020

===================================================================
PATCH: U210-019

SUMMARY: This binary patch adds the Squid Internet object cache to BSD/OS
2.1 systems. Squid can act as both an HTTP proxy and an HTTP accelerator,
providing significant improvements in HTTP performance as well as
reducing unnecessary network traffic.

Source code is available from:

	ftp://ftp.bsdi.com/bsdi/patches/patches-2.1/squid-src.tar.gz

md5 checksum: e845288889e56b109ffb37a5e33ee426 U210-019
md5 checksum: 0fc5968e44c2100d0a3f45dc2334f7b2 squid-src.tar.gz

===================================================================
PATCH: U210-020

SUMMARY: This patch changes the ownership of the configuration files in
/var/www/conf to be owned by root rather than www. In the original
configuration (where the configuration files were owned by www)
compromising the www user could allow unauthorized root access.

md5 checksum: c934f2db8b8d727881d473f00b2fb4b1 U210-020

===================================================================
--
[ /tom haapanen -- tomh@metrics.com -- software metrics inc -- waterloo, ont ]
[     "until the lions have their own historians,                            ]
[      tales of hunting will always glorify the hunter."   -- zulu proverb   ]
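Two pieces of advice in the posts above are worth turning into a repeatable check: the U210-017 correction (a patch that renames the old setuid binaries to *.orig but leaves them executable leaves a still-runnable, still-setuid copy behind, hence the "chmod 444") and U210-020 (http daemon config files must not stay owned by the www user). The POSIX sh script below is an added example written for this archive page; it is not part of Jeff Polk's posts or of the BSDI patches. It assumes only find, ls, awk, chmod and mktemp, and the demo tree it builds (the /usr/bin, /usr/contrib/bin and /var/www/conf paths and their files) is constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not part of the BSDI advisory: post-patch audit checks
# derived from the advice in the posts above. Everything created by
# make_demo_tree is a constructed stand-in for the real system paths.

# 1. List every "*.orig" file under DIR that is still executable or
#    setuid/setgid. A binary that a patch renamed out of the way but
#    left executable can still be run (and still be setuid), which is
#    what the updated U210-017 fixes by removing the execute bits.
find_live_orig() {
    find "$1" -type f -name '*.orig' 2>/dev/null | while IFS= read -r f; do
        if [ -x "$f" ] || [ -u "$f" ] || [ -g "$f" ]; then
            printf '%s\n' "$f"
        fi
    done
}

# 2. Apply the advisory's remedy ("chmod 444") to each file found above.
disable_live_orig() {
    find_live_orig "$1" | while IFS= read -r f; do
        chmod 444 "$f" && printf 'disabled %s\n' "$f"
    done
}

# 3. List files under DIR that are not owned by OWNER. U210-020 moves
#    the http daemon's config files from "www" to "root" so that a
#    compromised www account cannot rewrite them; this reports anything
#    left behind. ls -l + awk is used instead of stat(1), whose flags
#    differ between GNU and BSD.
find_wrong_owner() {
    dir=$1; owner=$2
    find "$dir" -type f 2>/dev/null | while IFS= read -r f; do
        cur=$(ls -ld "$f" | awk '{print $3}')
        [ "$cur" = "$owner" ] || printf '%s owned by %s\n' "$f" "$cur"
    done
}

# Constructed demo tree mirroring the paths named in the posts.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/usr/bin" "$d/usr/contrib/bin" "$d/var/www/conf"
    printf '#!/bin/sh\necho old suidperl\n' > "$d/usr/bin/suidperl.orig"
    printf '#!/bin/sh\necho old sperl5\n'   > "$d/usr/contrib/bin/sperl5.orig"
    printf '#!/bin/sh\necho new suidperl\n' > "$d/usr/bin/suidperl"
    printf 'ServerRoot /var/www\n' > "$d/var/www/conf/httpd.conf"
    printf 'text/html html\n'      > "$d/var/www/conf/mime.types"
    # Old and new binaries start out 4755; the old copies are the ones
    # the advisory says to neutralise.
    chmod 4755 "$d/usr/bin/suidperl.orig" "$d/usr/contrib/bin/sperl5.orig" \
               "$d/usr/bin/suidperl"
    printf '%s\n' "$d"
}

# Count lines of output from a check; used by the demo and by tests.
count_lines() { "$@" | wc -l | tr -d ' '; }

# Owner name as ls(1) prints it for PATH; avoids id(1) failing on
# unnamed uids inside containers.
owner_of() { ls -ld "$1" | awk '{print $3}'; }

demo() {
    root=$(make_demo_tree)
    echo "live .orig binaries before: $(count_lines find_live_orig "$root")"
    disable_live_orig "$root"
    echo "live .orig binaries after:  $(count_lines find_live_orig "$root")"
    me=$(owner_of "$root")
    echo "conf files not owned by $me:"
    find_wrong_owner "$root/var/www/conf" "$me"
    rm -rf "$root"
}

if [ "${1:-}" = "--demo" ]; then
    demo
fi
```

On a real host the calls would be `find_live_orig /usr` (as root) to see what a patch left behind, `disable_live_orig /usr` to apply the chmod, and `find_wrong_owner /var/www/conf root` after U210-020; `sh script.sh --demo` runs the whole thing against the constructed tree.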