-----BEGIN PGP SIGNED MESSAGE-----
FreeBSD-SA-00:09 Security Advisory
Topic: mtr port contains a local root exploit.
Affects: Ports collection before the correction date.
Corrected: 2000-03-07 (included in FreeBSD 4.0-RELEASE)
FreeBSD only: NO
mtr ("Multi Traceroute") combines the functionality of the "traceroute" and
"ping" programs into a single network diagnostic tool.
II. Problem Description
The mtr program (versions 0.41 and below) fails to correctly drop setuid
root privileges during operation, allowing a local root compromise.
The mtr port is not installed by default, nor is it "part of FreeBSD" as
such: it is part of the FreeBSD ports collection, which contains over 3100
third-party applications in a ready-to-install format. The FreeBSD
4.0-RELEASE ports collection is not vulnerable to this problem.
FreeBSD makes no claim about the security of these third-party
applications, although an effort is underway to provide a security audit of
the most security-critical ports.
A local user can exploit the security hole to obtain root privileges.
If you have not chosen to install the mtr port/package, then your system is
1) Remove the mtr port if you have installed it.
2) Disable the setuid bit - run the following command as root:
chmod u-s /usr/local/sbin/mtr
This will mean non-root users cannot make use of the program, since it
requires root privileges to properly run.
1) Upgrade your entire ports collection and rebuild the mtr port.
2) Reinstall a new package obtained from:
Note: it may be several days before the updated packages are available.
3) download a new port skeleton for the mtr port from:
and use it to rebuild the port.
4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----