Greetings,
You did it analyze the bug?
Att.:
Ygor da Rocha Parreira.
Consultor de Segurança da Informação.
Security Labs | Intruders Tiger Team Division
http://www.intruders.com.br/
http://www.securitylabs.com.br/
-----Mensagem original-----
De: Ygor Parrera <ygor@securitylabs.com.br>
Enviado: Ter 30/12/2008 16:59
Para: 501497@bugs.debian.org;
Assunto: Bug in another versions of lib.
Greetings,
I have found the same problem this bug in another version (sarge/stable) of package, look below.
----------------------------------------------------------------------------------------------------
hostname:~# strace htpasswd -b pwd tetas 102030
[much output]
getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM_INFINITY}) = 0
uname({sys="Linux", node="hostname", ...}) = 0
brk(0) = 0x804c000
brk(0x806d000) = 0x806d000
stat64("pwd", {st_mode=S_IFREG|0644, st_size=52, ...}) = 0
open("pwd", O_RDONLY|O_APPEND|O_LARGEFILE) = 3
close(3) = 0
open("/dev/random", O_RDONLY) = 3
read(3,----------------------------------------------------------------------------------------------------
I have one program writing in PHP which call the htaccess for write the autentication file, and this is happens only after the my program excecuting.
My system is up-to-date whith the mirror of apt mirrors.kernel.org:
----------------------------------------------------------------------------------------------------
deb http://mirrors.kernel.org/debian/ etch main
deb-src http://mirrors.kernel.org/debian/ etch main
deb http://security.debian.org/ etch/updates main contrib
deb-src http://security.debian.org/ etch/updates main contrib
hostname:~# apt-get update
[much output]
hostname:~# apt-get upgrade
A Ler Listas de Pacotes... Pronto
Construindo Ãrvore de Dependências... Pronto
0 pacotes actualizados, 0 pacotes novos instalados, 0 a remover e 0 não actualizados.
hostname:~#----------------------------------------------------------------------------------------------------
Versions:
----------------------------------------------------------------------------------------------------
Kernel: 2.6.18-6-686
Locale: LANG=pt_PT.UTF-8, LC_CTYPE="pt_PT.UTF-8"
Shell: /bin/bash version 3.1.17(1)-release
Versions of packages:
ii apache2-utils 2.2.3-4+etch6 utility programs for webservers
ii libapr1 1.2.7-8.2 The Apache Portable Runtime Library
ii libaprutil1 1.2.7+dfsg-2 The Apache Portable Runtime Utility Library
ii libc6 2.3.6.ds1-13etch8 GNU C Library: Shared libraries
ii libc6-i686 2.3.6.ds1-13etch8 GNU C Library: Shared libraries [i686 optimi
ii libssl0.9.8 0.9.8c-4etch3 SSL shared libraries
----------------------------------------------------------------------------------------------------
Sorry for my english.
Have a great new year!
Att.:
Ygor da Rocha Parreira.
Consultor de Segurança da Informação.
Security Labs | Intruders Tiger Team Division
http://www.intruders.com.br/
http://www.securitylabs.com.br/