COMMAND
	    periodic
SYSTEMS AFFECTED
	    FreeBSD 4.1-STABLE after 2000-09-20, 4.1.1-RELEASE, and 4.1.1-STABLE prior to 2000-11-11
PROBLEM
	    David Lary found following.  periodic is a program to run periodic
	    system functions.   A vulnerability  was inadvertently  introduced
	    into periodic that caused temporary files with insecure file names
	    to be used in the system's temporary directory.  This may allow  a
	    malicious local user to cause arbitrary files on the system to  be
	    corrupted.
	    By default, periodic is normally called by cron for daily, weekly,
	    and monthly maintenance.   Because these scripts  run as root,  an
	    attacker may potentially corrupt any file on the system.
	    FreeBSD   4.1-STABLE   after   2000-09-20,   4.1.1-RELEASE,    and
	    4.1.1-STABLE prior  to the  correction date  are vulnerable.   The
	    problem was corrected prior to the release of FreeBSD 4.2.
	    Malicious local users can cause  arbitrary files on the system  to
	    be corrupted.
SOLUTION
	    Do  not  allow  periodic  to  be  used  in  untrusted   multi-user
	    environments.   Disable  the  normal  periodic  system maintenance
	    scripts by either commenting-out or removing the periodic  entries
	    in /etc/crontab.
	    Patch:
	
	        ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:12/periodic.patch