RE: [SECURITY] [DSA 967-1] New elog packages fix arbitrary code execution
- To: <debian-security@lists.debian.org>
- Subject: RE: [SECURITY] [DSA 967-1] New elog packages fix arbitrary code execution
- From: Molnár Péter <peter@petermolnar.hu>
- Date: Mon, 13 Feb 2006 07:25:50 +0100
- Message-id: <!&!AAAAAAAAAAAYAAAAAAAAAJgQEhK3rPlEjCBLG7axVHzCgAAAEAAAADpydMvF0qNNgdl/b3WgJCQBAAAAAA==@petermolnar.hu>
- In-reply-to: <m1F7ROM-000oh7C@finlandia.Infodrom.North.DE>
Hi!
Would you send it to the list as well?
Thx: mP
> -----Original Message-----
> From: Martin Schulze [mailto:joey@infodrom.org]
> Sent: Friday, February 10, 2006 7:04 AM
> To: Debian Security Announcements
> Subject: [SECURITY] [DSA 967-1] New elog packages fix arbitrary code execution
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - --------------------------------------------------------------------------
> Debian Security Advisory DSA 967-1 security@debian.org
> http://www.debian.org/security/ Moritz Muehlenhoff
> February 10th, 2006 http://www.debian.org/security/faq
> - --------------------------------------------------------------------------
>
> Package : elog
> Vulnerability : several
> Problem-Type : remote
> Debian-specific: no
> CVE IDs : CVE-2006-4439 CVE-2006-0347 CVE-2006-0348 CVE-2006-0597
> CVE-2006-0598 CVE-2006-0599 CVE-2006-0600
> Debian Bug : 349528
>
> Several security problems have been found in elog, an electronic logbook
> to manage notes. The Common Vulnerabilities and Exposures Project
> identifies the following problems:
>
> CVE-2005-4439
>
> "GroundZero Security" discovered that elog insufficiently checks the
> size of a buffer used for processing URL parameters, which might lead
> to the execution of arbitrary code.
>
> CVE-2006-0347
>
> It was discovered that elog contains a directory traversal vulnerability
> in the processing of "../" sequences in URLs, which might lead to
> information disclosure.
>
> CVE-2006-0348
>
> The code to write the log file contained a format string vulnerability,
> which might lead to the execution of arbitrary code.
>
> CVE-2006-0597
>
> Overly long revision attributes might trigger a crash due to a buffer
> overflow.
>
> CVE-2006-0598
>
> The code to write the log file does not enforce bounds checks properly,
> which might lead to the execution of arbitrary code.
>
> CVE-2006-0599
>
> elog emitted different error messages for invalid passwords and invalid
> users, which allows an attacker to probe for valid user names.
>
> CVE-2006-0600
>
> An attacker could be driven into infinite redirection with a crafted
> "fail" request, which has denial of service potential.
>
> The old stable distribution (woody) does not contain elog packages.
>
> For the stable distribution (sarge) these problems have been fixed in
> version 2.5.7+r1558-4+sarge2.
>
> For the unstable distribution (sid) these problems have been fixed in
> version 2.6.1+r1642-1.
>
> We recommend that you upgrade your elog package.
>
>
> Upgrade Instructions
> - --------------------
>
> wget url
> will fetch the file for you
> dpkg -i file.deb
> will install the referenced file.
>
> If you are using the apt-get package manager, use the line for
> sources.list as given below:
>
> apt-get update
> will update the internal database
> apt-get upgrade
> will install corrected packages
>
> You may use an automated update by adding the resources from the
> footer to the proper configuration.
>
> Debian GNU/Linux 3.1 alias sarge
> - --------------------------------
>
> Source archives:
>
> http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge2.dsc
> Size/MD5 checksum: 581 ed02ecef4eb70c7344532b1a75f893bc
> http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge2.diff.gz
> Size/MD5 checksum: 21652 ab45bff97bf2e7c42cd5ccca5a80103e
>
> http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558.orig.tar.gz
> Size/MD5 checksum: 538216 e05c9fdaa02692ce20c70a5fd2748fe3
>
> Alpha architecture:
>
> http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge2_alpha.deb
> Size/MD5 checksum: 555270 5cb3aba4fc1303a65984aab4acaf32da
>
> AMD64 architecture:
>
> http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge2_amd64.deb
> Size/MD5 checksum: 511706 5e41b71ee6f3a42d5e7ac033b436c059
>
> ARM architecture:
>
> http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge2_arm.deb
> Size/MD5 checksum: 516094 95f2c045af860501a8e8bad54d0f6958
>
> Intel IA-32 architecture:
>
> http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge2_i386.deb
> Size/MD5 checksum: 513918 0dfe3628e07c5cea6f2609683104dbab
>
> Intel IA-64 architecture:
>
> http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge2_ia64.deb
> Size/MD5 checksum: 597254 7f83bb7006849edf56411255e0b55e5f
>
> HP Precision architecture:
>
> http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge2_hppa.deb
> Size/MD5 checksum: 543576 a09646d99c692e210164fb4a7f58c05a
>
> Motorola 680x0 architecture:
>
> http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge2_m68k.deb
> Size/MD5 checksum: 482016 b92bbd85b3d1041cbf403070e4aa43c7
>
> Big endian MIPS architecture:
>
> http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge2_mips.deb
> Size/MD5 checksum: 521234 33f7d96179fa0b4bd7cd314a33c54e31
>
> Little endian MIPS architecture:
>
> http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge2_mipsel.deb
> Size/MD5 checksum: 524336 b30ef21a7a9a958839569cf548fffebb
>
> PowerPC architecture:
>
> http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge2_powerpc.deb
> Size/MD5 checksum: 523540 823e5cb99e854a5ba0264259d7116deb
>
> IBM S/390 architecture:
>
> http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge2_s390.deb
> Size/MD5 checksum: 514274 01f3ebd90422c9d94c109f60921c2634
>
> Sun Sparc architecture:
>
> http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge2_sparc.deb
> Size/MD5 checksum: 518960 661427182cad6ca5a08663ffa505e4ef
>
>
> These files will probably be moved into the stable distribution on
> its next update.
>
> - ---------------------------------------------------------------------------------
> For apt-get: deb http://security.debian.org/ stable/updates main
> For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
> Mailing list: debian-security-announce@lists.debian.org
> Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2 (GNU/Linux)
>
> iD8DBQFD7CzpW5ql+IAeqTIRAr7cAJwKu86gvdgW5UzWatM+8+EDiiSMdwCgnT2b
> ttGvVBTdC3n7VV+RsftANhg=
> =aKZq
> -----END PGP SIGNATURE-----
>
>
> --
> To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
>
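The advisory's manual upgrade path ("wget url", then "dpkg -i file.deb") leaves the integrity check to the administrator: the "Size/MD5 checksum" lines are there so a downloaded package can be compared against what Debian published before it is installed. The following script is an added example, not part of the advisory or of the elog project, that parses entries in that layout, verifies a local file's size and MD5 against them, and (on a Debian host) reports whether the installed elog already meets the sarge fix level 2.5.7+r1558-4+sarge2 named above. The function names are hypothetical; the i386 entry reuses the values printed in DSA 967-1, while the "sample_1.0-1_all.deb" entry and the files written under a temporary directory are constructed so the script runs offline.

```shell
#!/bin/sh
# Added example (not the advisory's or elog's own code): check a downloaded
# .deb against a DSA's "Size/MD5 checksum" lines before running "dpkg -i".

# Constructed copy of two entries in the DSA layout. The first repeats the
# i386 values from DSA 967-1; the second is a constructed sample whose size
# and MD5 match the file "hello\n" written in the usage section below.
ADVISORY='
http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-4+sarge2_i386.deb
Size/MD5 checksum: 513918 0dfe3628e07c5cea6f2609683104dbab
http://example.invalid/pool/sample_1.0-1_all.deb
Size/MD5 checksum: 6 b1946ac92492d2347c6235b4d2611184
'

# Print "SIZE MD5" for the entry whose URL ends in the given filename; print
# nothing if the advisory lists no such file. The filename is compared as a
# plain string (it contains "+" and "."), not as a regular expression.
dsa_expected() {
    printf '%s\n' "$ADVISORY" | awk -v f="$1" '
        { n = split($1, p, "/") }
        p[n] == f { want = 1; next }
        want && $1 == "Size/MD5" { print $3, $4; exit }
        { want = 0 }'
}

# MD5 of a local file, using md5sum (GNU) or md5 (BSD/macOS).
file_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{ print $1 }'
    else
        md5 -q "$1"
    fi
}

# Size of a local file in bytes.
file_size() {
    wc -c < "$1" | tr -d ' '
}

# Exit status: 0 when size and MD5 both match the advisory entry,
# 1 on any mismatch, 2 when the advisory has no entry for that filename.
dsa_verify() {
    path=$1
    name=$(basename "$path")
    expected=$(dsa_expected "$name")
    if [ -z "$expected" ]; then
        echo "no advisory entry for $name" >&2
        return 2
    fi
    exp_size=${expected% *}
    exp_md5=${expected#* }
    got_size=$(file_size "$path")
    got_md5=$(file_md5 "$path")
    if [ "$got_size" = "$exp_size" ] && [ "$got_md5" = "$exp_md5" ]; then
        echo "OK  $name ($got_size bytes, md5 $got_md5)"
        return 0
    fi
    echo "MISMATCH $name: size $got_size (expected $exp_size), md5 $got_md5 (expected $exp_md5)" >&2
    return 1
}

# On a Debian host: 0 if the installed elog is at or above the sarge fix
# level from the advisory, 1 if it is older or not installed (needs dpkg).
elog_fixed() {
    fixed='2.5.7+r1558-4+sarge2'
    installed=$(dpkg-query -W -f='${Version}' elog 2>/dev/null) || return 1
    dpkg --compare-versions "$installed" ge "$fixed"
}

# Usage with constructed files: the first matches its advisory entry, the
# second deliberately does not (it is not the real package), and a file the
# advisory never listed is refused outright.
tmp=$(mktemp -d)
printf 'hello\n' > "$tmp/sample_1.0-1_all.deb"
dsa_verify "$tmp/sample_1.0-1_all.deb"
printf 'hellO\n' > "$tmp/elog_2.5.7+r1558-4+sarge2_i386.deb"
dsa_verify "$tmp/elog_2.5.7+r1558-4+sarge2_i386.deb" || echo "refusing to run dpkg -i"
dsa_verify "$tmp/not_in_advisory.deb" || echo "refusing to run dpkg -i"
rm -rf "$tmp"
```

In practice one would paste the relevant architecture block of the advisory into ADVISORY (or read it from a saved copy of the signed mail after checking the PGP signature) and only call dpkg -i when dsa_verify returns 0. The check uses MD5 because that is what DSAs of this era published; it detects a truncated or corrupted download, not a deliberately forged one, so the signed advisory itself remains the trust anchor.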