[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#501497: ENC: Bug in another versions of lib.



Title: ENC: Bug in another versions of lib.

 

Greetings,

 

You did it analyze the bug?

 

Att.:
Ygor da Rocha Parreira.
Consultor de Segurança da Informação.
Security Labs | Intruders Tiger Team Division
http://www.intruders.com.br/
http://www.securitylabs.com.br/

 
 

-----Mensagem original-----
De: Ygor Parrera <ygor@securitylabs.com.br>
Enviado: Ter 30/12/2008 16:59
Para: 501497@bugs.debian.org;
Assunto: Bug in another versions of lib.

 

Greetings,

 

I have found the same problem this bug in another version (sarge/stable) of package, look below.

 

----------------------------------------------------------------------------------------------------

hostname:~# strace htpasswd -b pwd tetas 102030

[much output]
getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM_INFINITY}) = 0
uname({sys="Linux", node="hostname", ...}) = 0
brk(0)                                  = 0x804c000
brk(0x806d000)                          = 0x806d000
stat64("pwd", {st_mode=S_IFREG|0644, st_size=52, ...}) = 0
open("pwd", O_RDONLY|O_APPEND|O_LARGEFILE) = 3
close(3)                                = 0
open("/dev/random", O_RDONLY)           = 3
read(3,

----------------------------------------------------------------------------------------------------

 

I have one program writing in PHP which call the htaccess for write the autentication file, and this is happens only after the my program excecuting.

 

My system is up-to-date whith the mirror of apt mirrors.kernel.org:

----------------------------------------------------------------------------------------------------

deb http://mirrors.kernel.org/debian/ etch main
deb-src http://mirrors.kernel.org/debian/ etch main

deb http://security.debian.org/ etch/updates main contrib
deb-src http://security.debian.org/ etch/updates main contrib

 

hostname:~# apt-get update

[much output]

hostname:~# apt-get upgrade
A Ler Listas de Pacotes... Pronto
Construindo Ãrvore de Dependências... Pronto
0 pacotes actualizados, 0 pacotes novos instalados, 0 a remover e 0 não actualizados.
hostname:~#

----------------------------------------------------------------------------------------------------

 

Versions:

----------------------------------------------------------------------------------------------------

Kernel: 2.6.18-6-686
Locale: LANG=pt_PT.UTF-8, LC_CTYPE="pt_PT.UTF-8"
Shell: /bin/bash version 3.1.17(1)-release

Versions of packages:
ii  apache2-utils            2.2.3-4+etch6                        utility programs for webservers
ii  libapr1                  1.2.7-8.2                            The Apache Portable Runtime Library
ii  libaprutil1              1.2.7+dfsg-2                         The Apache Portable Runtime Utility Library
ii  libc6                    2.3.6.ds1-13etch8                    GNU C Library: Shared libraries
ii  libc6-i686               2.3.6.ds1-13etch8                    GNU C Library: Shared libraries [i686 optimi
ii  libssl0.9.8              0.9.8c-4etch3                        SSL shared libraries
----------------------------------------------------------------------------------------------------

 

Sorry for my english.

 

Have a great new year!

 

Att.:
Ygor da Rocha Parreira.
Consultor de Segurança da Informação.
Security Labs | Intruders Tiger Team Division
http://www.intruders.com.br/
http://www.securitylabs.com.br/


Reply to: