Subject: NetBSD Security Advisory 2002-022: buffer overrun in pic(1)
To: None <netbsd-announce@netbsd.org>
From: NetBSD Security Officer <security-officer@netbsd.org>
List: netbsd-announce
Date: 10/08/2002 14:28:44
-----BEGIN PGP SIGNED MESSAGE-----


		 NetBSD Security Advisory 2002-022
		 =================================

Topic:		buffer overrun in pic(1)

Version:	NetBSD-current:	source prior to September 28, 2002
		NetBSD 1.6:	affected
		NetBSD-1.5.3:	affected
		NetBSD-1.5.2:	affected
		NetBSD-1.5.1:	affected
		NetBSD-1.5:	affected

Severity:	possible remote root compromise (depending on your config)

Fixed:		NetBSD-current:		September 28, 2002
		NetBSD-1.6 branch:	October 3, 2002
					(1.6.1 will include the fix)
		NetBSD-1.5 branch:	September 28, 2002


Abstract
========

pic(1) had a buffer overrun in argument handling.
The problem could be remotely exploited depending on lpd(8) setup.


Technical Details
=================

http://online.securityfocus.com/bid/3103


Solutions and Workarounds
=========================

If you enable remote printing via lpd(8), the problem is remotely
exploitable, and therefore severity is high.  Even if you do not
run remote printing via lpd(8), we encourage you to upgrade pic(1) binary
to prevent opening up security hole with future reconfiguration.

The following instructions describe how to upgrade your pic
binaries by updating your source tree and rebuilding and
installing a new version of pic.

* NetBSD-current:

	Systems running NetBSD-current dated from before 2002-09-28
	should be upgraded to NetBSD-current dated 2002-09-28 or later.

	The following directories need to be updated from the
	netbsd-current CVS branch (aka HEAD):
		gnu/dist/groff/src/preproc/pic

	To update from CVS, re-build, and re-install pic:
		# cd src
		# cvs update -d -P gnu/dist/groff/src/preproc/pic

		# cd gnu/usr.bin/groff/pic
		# make cleandir dependall
		# make install


* NetBSD 1.6:

	Systems running NetBSD 1.6 beta sources dated from before
	2002-10-03 should be upgraded from NetBSD 1.6 sources dated
	2002-10-03 or later.

	The following directories need to be updated from the
	netbsd-1-6 CVS branch:
		gnu/dist/groff/src/preproc/pic

	To update from CVS, re-build, and re-install pic:

		# cd src
		# cvs update -d -P -r netbsd-1-6 gnu/dist/groff/src/preproc/pic

		# cd gnu/usr.bin/groff/pic
		# make cleandir dependall
		# make install


* NetBSD 1.5, 1.5.1, 1.5.2, 1.5.3:

	Systems running NetBSD 1.5, 1.5.1, 1.5.2, or 1.5.3 sources dated
	from before 2002-09-28 should be upgraded from NetBSD 1.5.*
	sources dated 2002-09-28 or later.

	The following directories need to be updated from the
	netbsd-1-5 CVS branch:
		gnu/usr.bin/groff/pic

	To update from CVS, re-build, and re-install pic:

		# cd src
		# cvs update -d -P -r netbsd-1-5 gnu/usr.bin/groff/pic

		# cd gnu/usr.bin/groff/pic
		# make cleandir dependall
		# make install


Thanks To
=========

Thomas Klausner for notifying this issue to NetBSD security officers.


Revision History
================

	2002-10-08	Initial release


More Information
================

Advisories may be updated as new information comes to hand.  The most
recent version of this advisory (PGP signed) can be found at 
  ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-022.txt.asc

Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.ORG/ and http://www.NetBSD.ORG/Security/.


Copyright 2002, The NetBSD Foundation, Inc.  All Rights Reserved.

$NetBSD: NetBSD-SA2002-022.txt,v 1.4 2002/10/08 03:43:36 itojun Exp $


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAwUBPaJUcT5Ru2/4N2IFAQHNfAQAu95elTLMkyF8aiCKpelovy1XC+Fg56eF
CppeFyw0GQ2wsOg3XeTm03yEULDUh5aFHgEzi0E6FTG/F+ffzCkMM2U/HXWFDUG4
f+QELInAGX3b6o97DEcGKvKKI3S13mW92x1a6hN1ziKRLzU5ga2rJS09FfRfM/pa
HiWgkqhTiyU=
=hBQY
-----END PGP SIGNATURE-----