-----------------------------------------------------------------------
GLSA: GENTOO LINUX SECURITY ANNOUNCEMENT
-----------------------------------------------------------------------
PACKAGE         : ppp -- net dialup/point-to-point protocol
SUMMARY         : security vulnerability in symlink creation
DATE            : Wed Jul 31 14:29:24 UTC 2002
-----------------------------------------------------------------------

OVERVIEW

A race condition exists in the pppd program that may be exploited
in order to change the permissions of an arbitrary file.

DETAIL

>From the FreeBSD report:

The file specified as the tty device is opened by pppd, and the
permissions are recorded.  If pppd fails to initialize the tty device in
some way (such as a failure of tcgetattr(3)), then pppd will then attempt
to restore the original permissions by calling chmod(2).  The call to
chmod(2) is subject to a symlink race, so that the permissions may
`restored' on some other file.

The full advisory may be found here:
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02%3A32.pppd.asc

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-dialup/ppp-2.4.1-r9 and earlier update their systems as follows. 

emerge rsync
emerge ppp

------------------------------------------------------------------------
aliz@gentoo.org
seemant@gentoo.org
drobbins@gentoo.org
------------------------------------------------------------------------


-- 
Seemant Kulleen
Developer and Project Co-ordinator,
Gentoo Linux					http://www.gentoo.org/~seemant
_______________________________________________
gentoo-announce mailing list
gentoo-announce@gentoo.org
http://lists.gentoo.org/mailman/listinfo/gentoo-announce
_______________________________________________
gentoo-security mailing list
gentoo-security@gentoo.org
http://lists.gentoo.org/mailman/listinfo/gentoo-security