FreeBSD eject缓冲区溢出漏洞

One of the following (exerpted from the FreeBSD advisory): 1) Upgrade your entire ports collection and rebuild the eject port. 2) Deinstall the old package and install a new package dated after the correction date, obtained from: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/sysutils/eject-1.4.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/sysutils/eject-1.4.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/sysutils/eject-1.4.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/sysutils/eject-1.4.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/sysutils/eject-1.4.tgz NOTE: Be sure to check the file creation date on the package, because the version number of the software has not changed. 3) download a new port skeleton for the eject port from: http://www.freebsd.org/ports/ and use it to rebuild the port. 4) Use the portcheckout utility to automate option (3) above. The portcheckout port is available in /usr/ports/devel/portcheckout or the package can be obtained from: ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz

来源: BID 名称: 1686 链接:http://www.securityfocus.com/bid/1686 来源: XF 名称: freebsd-eject-port 链接:http://xforce.iss.net/static/5248.php 来源: OSVDB 名称: 1559 链接:http://www.osvdb.org/1559 来源: FREEBSD 名称: FreeBSD-SA-00:49 链接:http://archives.neohapsis.com/archives/freebsd/2000-09/0110.html