Bug#837458: jessie-pu: package mactelnet/0.4.0-1
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu
Request for uploading to stable, as there is posted a CVE for a bug in mactelnet-client.
This update is a backport of the fix that is done upstream, that fixes only the mentioned bug.
Mor information here: https://security-tracker.debian.org/tracker/CVE-2016-7115
and here: https://bugs.debian.org/836320
-- System Information:
Debian Release: stretch/sid
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.4.0-21-generic (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru mactelnet-0.4.0/debian/changelog mactelnet-0.4.0/debian/changelog
--- mactelnet-0.4.0/debian/changelog 2016-09-10 23:43:04.000000000 +0200
+++ mactelnet-0.4.0/debian/changelog 2016-09-10 23:46:41.000000000 +0200
@@ -1,3 +1,9 @@
+mactelnet (0.4.0-2) stable; urgency=low
+
+ * Backported bugfix of CVE 2016-7115 (closes: 836320)
+
+ -- Håkon Nessjøen <haakon.nessjoen@gmail.com> Sun, 10 Sep 2016 23:11:32 +0200
+
mactelnet (0.4.0-1) unstable; urgency=low
* Upstream release 0.4.0
diff -Nru mactelnet-0.4.0/debian/patches/CVE-2016-7115.patch mactelnet-0.4.0/debian/patches/CVE-2016-7115.patch
--- mactelnet-0.4.0/debian/patches/CVE-2016-7115.patch 1970-01-01 01:00:00.000000000 +0100
+++ mactelnet-0.4.0/debian/patches/CVE-2016-7115.patch 2016-09-10 23:49:20.000000000 +0200
@@ -0,0 +1,51 @@
+--- a/mactelnet.c
++++ b/mactelnet.c
+@@ -75,7 +75,7 @@
+
+ static int keepalive_counter = 0;
+
+-static unsigned char encryptionkey[128];
++static unsigned char pass_salt[16];
+ static char username[255];
+ static char password[255];
+ static char nonpriv_username[255];
+@@ -191,18 +191,21 @@
+ char *terminal = getenv("TERM");
+ char md5data[100];
+ unsigned char md5sum[17];
+- int plen;
++ int plen, act_pass_len;
+ md5_state_t state;
+
+- /* Concat string of 0 + password + encryptionkey */
++ /* calculate the actual password's length */
++ act_pass_len = strnlen(password, 82);
++
++ /* Concat string of 0 + password + pass_salt */
+ md5data[0] = 0;
+- strncpy(md5data + 1, password, 82);
+- md5data[83] = '\0';
+- memcpy(md5data + 1 + strlen(password), encryptionkey, 16);
++ memcpy(md5data + 1, password, act_pass_len);
++ /* in case that password is long, calculate only using the used-up parts */
++ memcpy(md5data + 1 + act_pass_len, pass_salt, 16);
+
+ /* Generate md5 sum of md5data with a leading 0 */
+ md5_init(&state);
+- md5_append(&state, (const md5_byte_t *)md5data, strlen(password) + 17);
++ md5_append(&state, (const md5_byte_t *)md5data, 1 + act_pass_len + 16);
+ md5_finish(&state, (md5_byte_t *)md5sum + 1);
+ md5sum[0] = 0;
+
+@@ -279,9 +282,9 @@
+
+ while (success) {
+
+- /* If we receive encryptionkey, transmit auth data back */
++ /* If we receive pass_salt, transmit auth data back */
+ if (cpkt.cptype == MT_CPTYPE_ENCRYPTIONKEY) {
+- memcpy(encryptionkey, cpkt.data, cpkt.length);
++ memcpy(pass_salt, cpkt.data, 16);
+ send_auth(username, password);
+ }
+
diff -Nru mactelnet-0.4.0/debian/patches/series mactelnet-0.4.0/debian/patches/series
--- mactelnet-0.4.0/debian/patches/series 1970-01-01 01:00:00.000000000 +0100
+++ mactelnet-0.4.0/debian/patches/series 2016-09-10 23:49:03.000000000 +0200
@@ -0,0 +1 @@
+CVE-2016-7115.patch
Reply to: