
Bug#356845: marked as done (cdebconf: Preseeded passwords are disclosed in world-readable questions.dat after installation)



Your message dated Wed, 15 Mar 2006 13:47:21 -0800
with message-id <E1FJdpx-0002cY-B5@spohr.debian.org>
and subject line Bug#356845: fixed in cdebconf 0.98
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: cdebconf
Version: 0.97
Severity: critical
Tags: pending

If you preseed a password question, then instead of the password being
stored in /var/lib/cdebconf/passwords.dat as it's supposed to be and
thus not copied to the installed system, it is stored in
/var/lib/cdebconf/questions.dat and copied to
/var/log/installer/cdebconf/questions.dat. While obviously your password
was already exposed by virtue of being in the preseed file, even if
you're using passwd/root-password-crypted etc. then this bug makes it
significantly easier for attackers to attack the encrypted password at
their leisure without first having to get at the contents of
/etc/shadow.

This bug arises because cdebconf 0.97 did not properly migrate a
question to a different stacked database when its type changes, which
happens in the case of preseeding because debian-installer/dummy is a
string template. I fixed this in SVN yesterday, but since this
constitutes a security flaw I think it needs a bug report too.

-- 
Colin Watson                                       [cjwatson@debian.org]


--- End Message ---
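The check an administrator would run on a system installed with the affected cdebconf, as an added example that is not part of the bug report or of cdebconf itself: parse the RFC822-style stanzas cdebconf writes to questions.dat and templates.dat (Name:, Template:, Value:, Type:, with continuation lines indented by a space) and report every question whose template is of type password but whose Value nevertheless sits in questions.dat instead of passwords.dat. The stanzas embedded below are constructed sample data, the name-based fallback (flagging names that contain "password" when no templates.dat is available) is a heuristic of this example, and the script deliberately reports question names only, never the leaked values.

```python
"""Find preseeded passwords that leaked into cdebconf's questions.dat.

Added example, not cdebconf code. Parses the RFC822-style stanza format
cdebconf uses for its databases and flags password-type questions that
carry a Value in questions.dat. Sample stanzas below are constructed.
"""
import re
from typing import Dict, Iterator, List

# Copies left on an installed system, per the bug report (not read here).
INSTALLED_QUESTIONS = "/var/log/installer/cdebconf/questions.dat"
INSTALLED_TEMPLATES = "/var/log/installer/cdebconf/templates.dat"

# Fallback heuristic (an assumption of this example): debian-installer's
# preseedable password questions are all named passwd/*password*.
PASSWORD_NAME_RE = re.compile(r"password", re.IGNORECASE)

# Constructed sample of templates.dat: the dummy template used while
# preseeding is a string, the real root-password template is a password.
SAMPLE_TEMPLATES = """\
Name: debian-installer/dummy
Type: string

Name: netcfg/get_hostname
Type: string

Name: passwd/root-password-crypted
Type: password

Name: passwd/make-user
Type: boolean
"""

# Constructed sample of questions.dat after a preseeded install on 0.97.
# The values are placeholders, not real hashes or passwords.
SAMPLE_QUESTIONS = """\
Name: netcfg/get_hostname
Template: netcfg/get_hostname
Value: debian
Owners: netcfg

Name: passwd/root-password-crypted
Template: passwd/root-password-crypted
Value: $1$constructedsalt$notarealhash
Owners: d-i

Name: passwd/user-password
Template: debian-installer/dummy
Value: hunter2
Owners: d-i

Name: passwd/make-user
Template: passwd/make-user
Value: true
Owners: d-i
"""


def parse_stanzas(text: str) -> Iterator[Dict[str, str]]:
    """Yield one dict per blank-line-separated stanza.

    Lines starting with whitespace continue the previous field, which is how
    cdebconf stores multi-line Variables: and Description: fields.
    """
    stanza: Dict[str, str] = {}
    last_key = None
    for line in text.splitlines():
        if not line.strip():
            if stanza:
                yield stanza
            stanza, last_key = {}, None
        elif line[0] in " \t" and last_key is not None:
            stanza[last_key] += "\n" + line.strip()
        else:
            key, sep, value = line.partition(":")
            if sep:  # skip malformed lines instead of aborting the audit
                last_key = key.strip()
                stanza[last_key] = value.strip()
    if stanza:
        yield stanza


def template_types(templates_text: str) -> Dict[str, str]:
    """Map template Name -> Type (string, password, boolean, ...)."""
    return {s["Name"]: s.get("Type", "")
            for s in parse_stanzas(templates_text) if "Name" in s}


def leaked_passwords(questions_text: str, templates_text: str = "") -> List[str]:
    """Return names of questions holding a Value that should live in passwords.dat.

    A question is flagged when its template's Type is password, or, where the
    template is unknown or still the preseeding dummy, when its name matches
    the PASSWORD_NAME_RE heuristic. Values are never returned or printed.
    """
    types = template_types(templates_text)
    leaked = []
    for q in parse_stanzas(questions_text):
        name = q.get("Name")
        if not name or not q.get("Value"):
            continue  # unanswered questions disclose nothing
        tmpl_type = types.get(q.get("Template", name), "")
        if tmpl_type == "password" or PASSWORD_NAME_RE.search(name):
            leaked.append(name)
    return leaked


if __name__ == "__main__":
    for name in leaked_passwords(SAMPLE_QUESTIONS, SAMPLE_TEMPLATES):
        print("password value stored in questions.dat:", name)
```

On a real system, feed the two files named in INSTALLED_QUESTIONS and INSTALLED_TEMPLATES to `leaked_passwords`; the report also notes that the file is world-readable, so `ls -l` on the same paths is the other half of the check. Any flagged question means the value, crypted or not, has been exposed to every local user and the credential should be rotated, not merely the file tightened.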
--- Begin Message ---
Source: cdebconf
Source-Version: 0.98

We believe that the bug you reported is fixed in the latest version of
cdebconf, which is due to be installed in the Debian FTP archive:

cdebconf-gtk-udeb_0.98_i386.udeb
  to pool/main/c/cdebconf/cdebconf-gtk-udeb_0.98_i386.udeb
cdebconf-newt-udeb_0.98_i386.udeb
  to pool/main/c/cdebconf/cdebconf-newt-udeb_0.98_i386.udeb
cdebconf-priority_0.98_all.udeb
  to pool/main/c/cdebconf/cdebconf-priority_0.98_all.udeb
cdebconf-text-udeb_0.98_i386.udeb
  to pool/main/c/cdebconf/cdebconf-text-udeb_0.98_i386.udeb
cdebconf-udeb_0.98_i386.udeb
  to pool/main/c/cdebconf/cdebconf-udeb_0.98_i386.udeb
cdebconf_0.98.dsc
  to pool/main/c/cdebconf/cdebconf_0.98.dsc
cdebconf_0.98.tar.gz
  to pool/main/c/cdebconf/cdebconf_0.98.tar.gz
cdebconf_0.98_i386.deb
  to pool/main/c/cdebconf/cdebconf_0.98_i386.deb
libdebconfclient0-dev_0.98_i386.deb
  to pool/main/c/cdebconf/libdebconfclient0-dev_0.98_i386.deb
libdebconfclient0-udeb_0.98_i386.udeb
  to pool/main/c/cdebconf/libdebconfclient0-udeb_0.98_i386.udeb
libdebconfclient0_0.98_i386.deb
  to pool/main/c/cdebconf/libdebconfclient0_0.98_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 356845@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Joey Hess <joeyh@debian.org> (supplier of updated cdebconf package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 15 Mar 2006 15:48:51 -0500
Source: cdebconf
Binary: cdebconf-slang-udeb libdebconfclient0 cdebconf-priority cdebconf libdebconfclient0-dev cdebconf-udeb libdebconfclient0-udeb cdebconf-gtk-udeb cdebconf-text-udeb cdebconf-newt-udeb
Architecture: source i386 all
Version: 0.98
Distribution: unstable
Urgency: low
Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
Changed-By: Joey Hess <joeyh@debian.org>
Description: 
 cdebconf   - Debian Configuration Management System (C-implementation)
 cdebconf-gtk-udeb - Gtk+ frontend for Debian Configuration Management System (udeb)
 cdebconf-newt-udeb - Newt frontend for Debian Configuration Management System (udeb)
 cdebconf-priority - Change debconf priority (udeb)
 cdebconf-text-udeb - Plain text frontend for Debian Configuration Management System (udeb)
 cdebconf-udeb - Debian Configuration Management System (C-implementation) (udeb)
 libdebconfclient0 - Debian Configuration Management System (C-implementation)
 libdebconfclient0-dev - Development files for cdebconf
 libdebconfclient0-udeb - Debian Configuration Management System (C-implementation) (udeb)
Closes: 322381 355804 356845
Changes: 
 cdebconf (0.98) unstable; urgency=low
 .
   [ Attilio Fiandrotti ]
   * Workaround for a GTKDFB bug that sometimes causes the first pixels of
     sentences to be cut off, thanks to Davide Viti and Mohammed Adnène
     Trojette for finding this bug.
   * Added support for PROGRESSCANCEL command to the GTK frontend, whose
     GTK signals handling system is now asynchronous (closes: #322381).
   * Buttons in the GTK frontend are now translated even if the progress bar
     is started before a question is asked (closes: #355804).
     Set a forgotten pointer to NULL, updated some code comments.
 .
   [ Joey Hess ]
   * Add shlibs line for libdebconfclient0-udeb.
   * Drop libdebconfclient0-udeb's provide of libdebconfclient0, since
     it's on the initrd and packages will get correct deps as they're
     recompiled against this.
 .
   [ Colin Watson ]
   * Honour accept_types/reject_types for questions registered against
     templates that were received in DATA commands over passthrough. This was
     one of the root causes of Ubuntu's recent installer password disclosure
     vulnerability (CVE-2006-1183).
   * Reset question template pointers whenever they change, not just when the
     tag changes; do this in X_LOADTEMPLATEFILE and dpkg-reconfigure as well
     as debconf-loadtemplate.
   * Add a remove method to the question database; use this to migrate
     questions to the correct stacked database in the event that their types
     change (fixes preseeded passwords ending up in questions.dat on the
     installed system in some cases; closes: #356845).
 .
   [ Updated translations ]
   * Bosnian (bs.po) by Safir Secerovic
   * Hungarian (hu.po) by SZERVÁC Attila
   * Slovenian (sl.po) by Matej Kovačič
   * Swedish (sv.po) by Daniel Nylander
   * Ukrainian (uk.po) by Eugeniy Meshcheryakov
Files: 
 a40fda1d19d21275fb2f9776b3632484 1176 utils optional cdebconf_0.98.dsc
 68361761ba71998a55d561f7dbbaf909 222079 utils optional cdebconf_0.98.tar.gz
 70b53fcac30146746d788db30e5c99a6 2420 debian-installer standard cdebconf-priority_0.98_all.udeb
 5dd07d263224717ff80c517fc94d9238 140294 utils extra cdebconf_0.98_i386.deb
 1cdf11261c98ae14fd7efeb11f23d5d5 29172 libs optional libdebconfclient0_0.98_i386.deb
 3946a5706b4ff405fc48000db55e9cf4 30448 libdevel optional libdebconfclient0-dev_0.98_i386.deb
 a96bf744ed6eed2e1db11a0ba1c03a64 62896 debian-installer standard cdebconf-udeb_0.98_i386.udeb
 b39239954b5ae30fac95bdd4dc2e196c 2966 debian-installer optional libdebconfclient0-udeb_0.98_i386.udeb
 d8a9e8b5f2046f3015356aa7e27a65d0 15338 debian-installer optional cdebconf-newt-udeb_0.98_i386.udeb
 5f91ea7ebab6dab946fe13d2b7427f6f 17198 debian-installer optional cdebconf-text-udeb_0.98_i386.udeb
 7b554976b1a393447fb80e008e461de3 21020 debian-installer optional cdebconf-gtk-udeb_0.98_i386.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEGIPT2tp5zXiKP0wRAnaTAKCA+vYyHv2GCFl8uJ+nHo+xi/xkcwCgkV3r
VJLl+ZMFNbyAhdYRgMxNreI=
=l63i
-----END PGP SIGNATURE-----


--- End Message ---
