tags 283061 help thanks Could somebody please NMU? I didn't get my new key signed yet so I am in no position to perform an upload. Thanks, Grzegorz B. Prokopski On Fri, 2004-11-26 at 01:56, Brian Dessent wrote: > Package: opendchub > Version: 0.7.14-1 > Severity: critical > Tags: security patch > Justification: root security hole > > A security flaw in the handling of the $RedirectAll command was > discovered by Donato Ferrante. See > <http://marc.theaimsgroup.com/?l=bugtraq&m=110144606411674> for > details. > > The flaw allows a user with admin access to the hub to overflow a buffer > and execute arbitrary code. The default port on which the hub listens > is 411, which requires it to have root privileges, thus I've set this > bug as a potential root hole and severity critical. > > The following patch is reported in the advisory: > > --- commands.c 2004-11-21 13:01:48.000000000 +0100 > +++ patch.c 2004-11-21 13:05:33.000000000 +0100 > @@ -2842,7 +2842,7 @@ > { > char move_string[MAX_HOST_LEN+20]; > > - sprintf(move_string, "$ForceMove %s", buf); > + snprintf(move_string, MAX_HOST_LEN, "$ForceMove %s", buf); > > send_to_humans(move_string, REGULAR | REGISTERED | OP, user); > remove_all(UNKEYED | NON_LOGGED | REGULAR | REGISTERED | OP, 1, 1); > > > > -- System Information: > Debian Release: 3.1 > APT prefers testing > APT policy: (500, 'testing') > Architecture: i386 (i686) > Kernel: Linux 2.4.23-rc3-djc3-6um > Locale: LANG=C, LC_CTYPE=C > > Versions of packages opendchub depends on: > ii libc6 2.3.2.ds1-18 GNU C Library: Shared libraries an > ii libcap1 1:1.10-14 support for getting/setting POSIX. > ii libperl5.8 5.8.4-2.3 Shared Perl library > ii libssl0.9.7 0.9.7d-5 SSL shared libraries > > -- no debconf information -- Grzegorz B. Prokopski <gadek@sablevm.org> SableVM - Free, LGPL'ed Java VM http://sablevm.org Why SableVM ?!? http://sablevm.org/wiki/Features Debian GNU/Linux - the Free OS http://www.debian.org
Attachment:
signature.asc
Description: This is a digitally signed message part