Casinos Not On Gamstop Non Gamstop Casinos Casinos Not On Gamstop Online Casinos UK Non Gamstop Casino
15th Mar 2000 [SBWID-177]
COMMAND
	    orville-write
SYSTEMS AFFECTED
	    FreeBSD with port collection prior to 2000-03-09
PROBLEM
	    Orville-write is  a replacement  for the  write(1) command,  which
	    provides  improved  control  over   message  delivery  and   other
	    features.
	    One of the commands installed by the port is incorrectly installed
	    with setuid root permissions.   The 'huh' command should not  have
	    any  special  privileges  since  it  is  intended to be run by the
	    local user to view his saved messages.
	    The orville-write  port is  not installed  by default,  nor is  it
	    "part  of  FreeBSD"  as  such:  it  is  part  of the FreeBSD ports
	    collection, which contains  over 3100 third-party  applications in
	    a  ready-to-install   format.  The   FreeBSD  4.0-RELEASE    ports
	    collection is not vulnerable to this problem.
	    A local user can exploit a buffer overflow in the 'huh' utility to
	    obtain root  privileges.   If you  have not  chosen to install the
	    orville-write port/package, then your system is not vulnerable.
SOLUTION
	    Remove the orville-write  port if you  have installed it.   Remove
	    the setuid bit  from the huh  utility, by executing  the following
	    command as root:
	
	        chmod u-s /usr/local/bin/huh
	
	    It is not necessary to reinstall the orville-write port,  although
	    this can be done in one of the following ways if desired:
	
	        1) Upgrade  your  entire  ports  collection  and  rebuild  the
	           orville-write port.
	        2) Reinstall a  new package dated  after the correction  date,
	           obtained from:
	             ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/misc/orville-write-2.41a.tgz
	             ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-current/misc/orville-write-2.41a.tgz
	             ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-current/misc/orville-write-2.41a.tgz
	        3) download  a new  port skeleton  for the  orville-write port
	           from:
	             http://www.freebsd.org/ports/
	           and use it to rebuild the port.
	        4) Use the portcheckout utility to automate option (3)  above.
	           The     portcheckout     port      is     available      in
	           /usr/ports/devel/portcheckout  or   the  package   can   be
	           obtained from:
	             ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz
Internet highlights

Casino Not On Gamstop