COMMAND
	    AfterStep (Asmon/Ascpu ports)
SYSTEMS AFFECTED
	    FreeBSD ports collection before 2000-01-29
PROBLEM
	    Following is  based on  FreeBSD Security  Advisory.   Two optional
	    third-party ports distributed with FreeBSD can be used to  execute
	    commands  with  elevated  privileges,  specifically  setgid   kmem
	    privileges.  This may lead to a local root compromise.
	    Asmon and ascpu allow users to execute arbitrary commands as  part
	    of a user configuration file.  Both applications are Linux-centric
	    as distributed  by the  vendor and  require patching  to run under
	    FreeBSD (specifically,  using the  kvm interface  and setgid  kmem
	    privileges to  obtain system  statistics); this  patching was  the
	    source of the  present security problem.   This is a  similar flaw
	    to one found in the wmmon port, which was corrected on 1999/12/31.
	    Note that neither  utility is installed  by default, nor  are they
	    "part of  FreeBSD" as  such: they  are part  of the  FreeBSD ports
	    collection, which contains  over 3100 third-party  applications in
	    a ready-to-install format.
	    If  you  have   not  chosen  to   install  the  asmon   or   ascpu
	    ports/packages, then your system is not vulnerable.  If you  have,
	    then local users can obtain setgid kmem rights, which allows  them
	    to manipulate kernel memory, and thereby compromise root.
SOLUTION
	    Remove the asmon and  ascpu ports/packages, if you  have installed
	    them.  Solution is one of the following:
	    1) Upgrade  your  entire  ports  collection and rebuild the  asmon
	       and/or ascpu ports.
	    2) Reinstall a new package obtained from:
	
	        ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/sysutils/asmon-0.60.tgz
	        ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/sysutils/ascpu-1.8.tgz
	
	       after the correction date. At the time of advisory release, the
	       asmon package was not  available - you may  need to use one  of
	       the other methods to update the software.
	    3) download a new port  skeleton for the asmon and/or  ascpu ports
	       from:
	
	        http://www.freebsd.org/ports/
	
	       and use it to rebuild one or both ports.
	    4) Use the portcheckout utility to automate option (3) above.  The
	       portcheckout port is available in /usr/ports/devel/portcheckout
	       or the package can be obtained from:
	
	        ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-2.0.tgz