Bug#278777: marked as done (xsok: unfixed buffer overflow (CAN-2004-0074))

To: Frank Lichtenheld <djpig@debian.org>
Cc: Debian QA Group <packages@qa.debian.org>
Subject: Bug#278777: marked as done (xsok: unfixed buffer overflow (CAN-2004-0074))
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Mon, 01 Nov 2004 04:18:14 -0800
Message-id: <[🔎] handler.278777.D278777.10993113103228.ackdone@bugs.debian.org>
In-reply-to: <20041101121301.GQ17745@djpig.de>
References: <20041101121301.GQ17745@djpig.de> <20041029102211.BED3B500060@i.mechat.wana.at>

Your message dated Mon, 1 Nov 2004 13:13:01 +0100
with message-id <20041101121301.GQ17745@djpig.de>
and subject line Bug#278777: xsok: unfixed buffer overflow (CAN-2004-0074)
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 29 Oct 2004 10:22:16 +0000
>From greuff@i.mechat.wana.at Fri Oct 29 03:22:16 2004
Return-path: <greuff@i.mechat.wana.at>
Received: from mailserver.wana.at [212.88.179.77] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1CNTtf-0006jy-00; Fri, 29 Oct 2004 03:22:16 -0700
Received: from i.mechat.wana.at (unknown [212.88.179.78])
	by mailserver.wana.at (Postfix) with ESMTP id 0FF82310160;
	Fri, 29 Oct 2004 12:22:12 +0200 (CEST)
Received: by i.mechat.wana.at (Postfix, from userid 1000)
	id BED3B500060; Fri, 29 Oct 2004 12:22:11 +0200 (CEST)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Thomas Wana <thomas@wana.at>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: xsok: unfixed buffer overflow (CAN-2004-0074)
X-Mailer: reportbug 2.63
Date: Fri, 29 Oct 2004 12:22:11 +0200
Message-Id: <20041029102211.BED3B500060@i.mechat.wana.at>
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

Package: xsok
Severity: critical
Justification: security hole

This orphaned package still contains the local buffer overflow described
in http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0074 which
leads to privilege escalation (group games).

Tom

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.27-grsec2.0.1-vs1.28-localnat
Locale: LANG=C, LC_CTYPE=C

---------------------------------------
Received: (at 278777-done) by bugs.debian.org; 1 Nov 2004 12:15:10 +0000
>From frank@lichtenheld.de Mon Nov 01 04:15:10 2004
Return-path: <frank@lichtenheld.de>
Received: from higgs.djpig.de [213.133.98.126] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1COb5a-0000pq-00; Mon, 01 Nov 2004 04:15:10 -0800
Received: from djpig by higgs.djpig.de with local (Exim 4.34)
	id 1COb3V-0001Oo-K6; Mon, 01 Nov 2004 13:13:01 +0100
Date: Mon, 1 Nov 2004 13:13:01 +0100
From: Frank Lichtenheld <djpig@debian.org>
To: Steve Kemp <skx@debian.org>
Cc: 278777-done@bugs.debian.org, debian-security@lists.debian.org
Subject: Re: Bug#278777: xsok: unfixed buffer overflow (CAN-2004-0074)
Message-ID: <20041101121301.GQ17745@djpig.de>
References: <20041029102211.BED3B500060@i.mechat.wana.at> <20041029190702.GE9306@djpig.de> <41829825.1030209@wana.at> <20041029194013.GG9306@djpig.de> <41829DF8.6020700@wana.at> <20041029201233.GH9306@djpig.de> <[🔎] 20041101110220.GA9233@steve.org.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <[🔎] 20041101110220.GA9233@steve.org.uk>
User-Agent: Mutt/1.5.6+20040722i
Sender: Frank Lichtenheld <frank@lichtenheld.de>
Delivered-To: 278777-done@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

On Mon, Nov 01, 2004 at 11:02:21AM +0000, Steve Kemp wrote:
> On Fri, Oct 29, 2004 at 10:12:33PM +0200, Frank Lichtenheld wrote:
> 
> > Perhaps someone with a little more experience in identifying security
> > problems should take a look, too. I CC'ed debian-security.
> 
>   Here's a quick summery :
> 
>   To be clear there are three flaws being discussed in xsok:
> 
>    CAN-2004-0074 - overflow with LANG environmental variable.
>                  - overflow due to long '-xsokdir' parameter.
> 
>    CAN-2003-0949 - Failure to drop privileges when unzipping.
> 
>   The second one was discovered by me and closed in DSA-405-1
> 
>   The first one is in two parts, the environmental variable
>  overflow is patched already by the package maintainer.  The
>  second appears to be not an issue given this code:
[...]

>   Run the following command to test if it's vulnerable:
> 
>  xsok -xsokdir `perl -e 'print "X"x3000'`

Seems not to be vulnerable:
djpig@feynman:/usr/src$ xsok -xsokdir `perl -e 'print "X"x3000'`
directory too long

I will close the bug and I will ask Joey to add CAN-2004-0074 to
the non-vulns list.

Gruesse,
-- 
Frank Lichtenheld <djpig@debian.org>
www: http://www.djpig.de/

Reply to:

Prev by Date: Bug#278777: xsok: unfixed buffer overflow (CAN-2004-0074)
Next by Date: Bug#278777: xsok: unfixed buffer overflow (CAN-2004-0074)
Previous by thread: Bug#278777: xsok: unfixed buffer overflow (CAN-2004-0074)
Next by thread: Italian Crafted Rolex from $75 to $275 - Free Shipping
Index(es):
- Date
- Thread