Title: FreeBSD Asmon/Ascpu Vulnerability
Severity: INFO
Description:
A vulnerability exists in both the ascpu and asmon ports to FreeBSD. Ascpu and asmon are applets for the popular window manager AfterStep. They retain the look and feel of this window manager, and integrate well in to it's "dock" toolbar. As part of the port to FreeBSD, it was deemed necessary to give them access to /dev/kmem, necessitating them being installed setgid kmem. By passing a command line option, it is possible for an attacker to cause these applications to execute arbitrary commands with group 'kmem' privileges.
It should be noted that neither of these programs are truly part of FreeBSD. They are not part of any distribution of FreeBSD. Instead, they are part of the 'ports' section. The over 3000 packages included in ports are presented as-is, and in many cases have not been audited for security problems.
Affected Products:
- FreeBSD FreeBSD 3.0.0
- FreeBSD FreeBSD 3.1.0
- FreeBSD FreeBSD 3.2.0
- FreeBSD FreeBSD 3.3.0
- FreeBSD FreeBSD 3.4.0
References:
- FreeBSD: FreeBSD Security Information
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
