This mail is a Japanese translation of the message that was sent to announce-jp as:

  Subject: ANNOUNCE: FreeBSD Ports Security Advisory: FreeBSD-SA-00:74.php
  From: FreeBSD Security Advisories
  Date: Mon, 20 Nov 2000 13:29:49 -0800 (PST)
  Message-Id: <20001120212949.0DFBE37B68D@hub.freebsd.org>
  X-Sequence: announce-jp 609

[Translator's note] The original reads 00:74.php, but this appears to be a
typo for 00:75.php.

Japanese mirror sites exist for the WWW site http://www.FreeBSD.org/ and the
FTP site ftp://ftp.FreeBSD.org/ referred to in this advisory. To use the
mirrors, replace http://www.FreeBSD.org/ with
http://www.jp.FreeBSD.org/www.freebsd.org/ and ftp://ftp.FreeBSD.org/ with
ftp://ftp.jp.FreeBSD.org/. To reduce network congestion, please consider
using a mirror site first. Details on mirror sites are at
http://www.FreeBSD.org/handbook/mirror.html (English) and
http://www.FreeBSD.org/ja/handbook/mirror.html (Japanese translation);
past Japanese translations of security advisories are collected at
http://www.FreeBSD.org/ja/security/.

The original is PGP signed, but this Japanese translation is not. To verify
with PGP that the patches and other contents have not been tampered with,
refer to the original.

The Japanese translation is provided for reference by the FreeBSD Japanese
Documentation Project (doc-jp); doc-jp makes no guarantee whatsoever about
its contents. Questions about the Japanese translation should be directed to
doc-jp@jp.FreeBSD.org.

--(translation begins here)

=============================================================================
FreeBSD-SA-00:75                                           Security Advisory
                                                                FreeBSD, Inc.

Topic:          mod_php3/mod_php4 allows remote code execution

Category:       ports
Module:         mod_php3/mod_php4
Announced:      2000-11-20
Credits:        Jouko Pynnönen
Affects:        Ports Collection prior to the correction date
Corrected:      2000-10-12 (mod_php4), 2000-10-18 (mod_php3)
Vendor status:  Corrected version released
FreeBSD only:   NO

I.   Background

php is a popular HTML-embedded scripting language.

II.  Problem Description

Versions of the mod_php ports prior to 3.0.17 (mod_php3) and 4.0.3
(mod_php4) contain a security vulnerability that may allow a malicious
remote user to execute arbitrary code with the privileges of the user
running the web server (usually the 'nobody' user). The cause is a format
string vulnerability in the error logging routine.

The web server is vulnerable if error logging is enabled in php.ini.
Individual php scripts that use the php syslog() function are likewise
affected; in that case it does not matter whether error logging is enabled
in php.ini.

The mod_php port is not installed by default, nor is it "part of the
FreeBSD system" as such. It is part of the FreeBSD Ports Collection, which
contains over 4100 third-party applications in a ready-to-install format.
Because the problem was discovered after release, the Ports Collection
shipped with FreeBSD 3.5.1 and 4.1.1 contains this problem; it was
corrected before the release of FreeBSD 4.2.

FreeBSD makes no claim about the security of such third-party applications
(translator's note: an application's inclusion in the Ports Collection does
not mean the FreeBSD developers have evaluated it as secure). However, an
effort is currently underway to provide a security audit of the ports with
the greatest security impact.

III. Impact

A malicious remote user may execute arbitrary code with the privileges of
the user running the web server on the local system (usually the 'nobody'
user). This vulnerability is only an issue, however, when error logging is
enabled in php.ini or the php syslog() function is used in a script.

If you have not installed the mod_php3 or mod_php4 port/package, your
system is not vulnerable to this problem.

IV.  Workaround

If the mod_php3 or mod_php4 port/package is installed, remove it from the
system.

V.   Solution

Do one of the following:

1) Upgrade your entire Ports Collection and rebuild the mod_php3 or
   mod_php4 port.

2) Remove the old (translator's note: mod_php3 or mod_php4) package from
   the system, then obtain and install a new package built after the
   correction date from one of the following locations:

   [php3]
   ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/www/mod_php-3.0.17.tgz
   ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/mod_php-3.0.17.tgz
   ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/www/mod_php-3.0.17.tgz
   ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/mod_php-3.0.17.tgz
   ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/www/mod_php-3.0.17.tgz

   [php4]
   ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/www/mod_php-4.0.3pl1.tgz
   ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/mod_php-4.0.3pl1.tgz
   ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/www/mod_php-4.0.3pl1.tgz
   ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/mod_php-4.0.3pl1.tgz
   ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/www/mod_php-4.0.3pl1.tgz

3) Download a new port skeleton for the mod_php3 or mod_php4 port from
   the following location and use it to rebuild the port:

   http://www.freebsd.org/ports/

4) Use the portcheckout utility to automate option (3) above. The
   portcheckout port is available in /usr/ports/devel/portcheckout, and the
   portcheckout package is available from the following locations:

   ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
   ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
   ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
   ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
   ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz

$hrs: announce-jp/FreeBSD-SA/00:75,v 1.3 2000/11/23 17:43:49 hrs Exp $
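The defect class behind section II (an error-logging routine that treats untrusted request text as a printf format), shown as an added illustration that is not part of the advisory or of PHP's source: a legacy log sink, the vulnerable and the fixed way to call it, and an audit helper that counts the directives an untrusted string would trigger. All function names and the sample request string are constructed for this example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
static char logline[256];   /* stands in for the error_log / syslog sink */

/* Legacy printf-style sink, like a helper that forwards to syslog(). As a
 * plain variadic wrapper it gets no compiler warning for a non-literal format. */
static void legacy_log(const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(logline, sizeof logline, fmt, ap);
    va_end(ap);
}

/* Vulnerable shape (the defect class in the advisory): the untrusted message
 * is itself the format, so "%x" or "%s" in it is interpreted, not logged. */
const char *log_message_vulnerable(const char *msg) {
    legacy_log(msg);
    return logline;
}

/* Hardened shape: constant format; the message is only ever an argument. */
const char *log_message_fixed(const char *msg) {
    legacy_log("%s", msg);
    return logline;
}

/* Audit helper for code that must still feed a legacy sink: counts the
 * directives an untrusted string would trigger. "%%" is a literal percent
 * and does not count; a lone trailing '%' does. */
int count_format_directives(const char *msg) {
    int n = 0;
    for (const char *p = msg; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') { p++; continue; }   /* escaped percent sign */
        n++;
        if (p[1] == '\0')                     /* lone '%' at end of string */
            break;
    }
    return n;
}

int main(void) {
    const char *request = "GET /index.php?id=%x%x";   /* constructed sample */
    printf("directives in request: %d\n", count_format_directives(request));
    printf("fixed sink logs: %s\n", log_message_fixed(request));
    return 0;
}
```

The vulnerable variant is only ever safe on text with no '%' in it, which is exactly what a remote client does not guarantee; the fix is the constant "%s" format, and the counter is what a wrapper around an unfixable sink would check before logging.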