tag 341394 patch
thanks

webmin (1.180-3sarge0) stable-security; urgency=high

  * [SECURITY] CVE-2005-3912 Fix syslog format string vulnerability in
    miniserv.pl (Closes: #341394) This string vulnerability could be used
    to gain access to the account running miniserv.pl by creating a
    specialy crafted username. This vulnerability does not affect machines
    which are running Sys::Syslog >= 0.07.

 -- Don Armstrong <[EMAIL PROTECTED]>  Tue, 27 Dec 2005 04:08:16 -0800


dsc and diff.gz are available if necessary at
http://rzlab.ucr.edu/debian/webmin/

(Note again that this vulnerability does not affect testing or
unstable, as modern versions of Sys::Syslog properly handle
two-argument syslog calls.)


Don Armstrong

-- 
"I was thinking seven figures," he said, "but I would have taken a
hundred grand. I'm not a greedy person." [All for a moldy bottle of
tropicana.]
 -- Sammi Hadzovic [in Andy Newman's 2003/02/14 NYT article.]
 http://www.nytimes.com/2003/02/14/nyregion/14EYEB.html

http://www.donarmstrong.com              http://rzlab.ucr.edu
diff -u webmin-1.180/debian/changelog webmin-1.180/debian/changelog
--- webmin-1.180/debian/changelog
+++ webmin-1.180/debian/changelog
@@ -1,3 +1,13 @@
+webmin (1.180-3sarge0) stable-security; urgency=high
+
+  * [SECURITY] CVE-2005-3912 Fix syslog format string vulnerability in
+    miniserv.pl (Closes: #341394) This string vulnerability could be used
+    to gain access to the account running miniserv.pl by creating a
+    specialy crafted username. This vulnerability does not affect machines
+    which are running Sys::Syslog >= 0.07.
+
+ -- Don Armstrong <[EMAIL PROTECTED]>  Tue, 27 Dec 2005 04:08:16 -0800
+
 webmin (1.180-3) unstable; urgency=high
 
   * The ability to install third-party modules safely has been added.
only in patch2:
unchanged:
--- webmin-1.180.orig/miniserv.pl
+++ webmin-1.180/miniserv.pl
@@ -220,11 +220,11 @@
                }
        else {
                local $msg = ucfirst($config{'pam'})." starting";
-               eval { syslog("info", $msg); };
+               eval { syslog("info", '%s', $msg); };
                if ($@) {
                        eval {
                                setlogsock("inet");
-                               syslog("info", $msg);
+                               syslog("info", '%s', $msg);
                                };
                        if ($@) {
                                # All attempts to use syslog have failed..
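Review bot: The fix depends on every syslog() call site remembering the literal '%s' argument, and nothing at the two calls in this hunk or in the later hunks says why it is there. A small wrapper would keep the format string in one place, for example `sub log_syslog { my ($pri, $text) = @_; syslog($pri, '%s', $text); }`, with a comment that the text can carry user-supplied names and must never be passed as the format. The enclosing else block starts and ends outside the hunk. Any syslog() calls in parts of miniserv.pl not shown in this patch should be checked for the same two-argument form.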
@@ -546,7 +546,7 @@
                                &run_logout_script($s, $sdb[0]);
                                delete($sessiondb{$s});
                                if ($use_syslog) {
-                                       syslog("info", "Timeout of $sdb[0]");
+                                       syslog("info", '%s', "Timeout of 
$sdb[0]");
                                        }
                                }
                        }
@@ -712,7 +712,7 @@
                                                        local $logtext = 
"Security alert: Host $2 ".
                                                          "blocked after 
$config{'blockhost_failures'} ".
                                                          "failed logins for 
user $1";
-                                                       syslog("crit", 
$logtext);
+                                                       syslog("crit", '%s', 
$logtext);
                                                        }
                                                }
                                        else {
@@ -1046,12 +1046,12 @@
                        if ($certs{$u} eq $peername) {
                                $authuser = $u;
                                $validated = 2;
-                               #syslog("info", "SSL login as $authuser from 
$acpthost") if ($use_syslog);
+                               #syslog("info", '%s', "SSL login as $authuser 
from $acpthost") if ($use_syslog);
                                last;
                                }
                        }
                if ($use_syslog && !$validated) {
-                       syslog("crit",
+                       syslog("crit", '%s',
                               "Unknown SSL certificate $peername");
                        }
                }
@@ -1084,7 +1084,7 @@
                        $validated = 0;
                        }
                if ($use_syslog && !$validated) {
-                       syslog("crit",
+                       syslog("crit", '%s',
                               ($nonexist ? "Non-existent" :
                                $expired ? "Expired" : "Invalid").
                               " login as $authuser from $acpthost");
@@ -1121,7 +1121,7 @@
                        $authuser = $baseauthuser = undef;
                        if ($louser) {
                                if ($use_syslog) {
-                                       syslog("info", "Logout by $louser from 
$acpthost");
+                                       syslog("info", '%s', "Logout by $louser 
from $acpthost");
                                        }
                                &run_logout_script($louser, $sid,
                                                   $acptip, $localip);
@@ -1211,7 +1211,7 @@
                                &write_keep_alive(0);
                                &write_data("\r\n");
                                &log_request($acpthost, $authuser, $reqline, 
302, 0);
-                               syslog("info", "Successful login as $authuser 
from $acpthost") if ($use_syslog);
+                               syslog("info", '%s', "Successful login as 
$authuser from $acpthost") if ($use_syslog);
                                return 0;
                                }
                        elsif ($ok && $expired &&
@@ -1227,7 +1227,7 @@
                                $page = $config{'password_form'};
                                $logged_code = 401;
                                $miniserv_internal = 2;
-                               syslog("crit",
+                               syslog("crit", '%s',
                                        "Expired login as $in{'user'} ".
                                        "from $acpthost") if ($use_syslog);
                                }
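Review bot: `$in{'user'}` is still interpolated unfiltered into the log text here and in the next hunk's `" login as $in{'user'} from $acpthost"` message. The '%s' format stops format directives from being interpreted, but a name containing newlines or other control characters may still produce misleading log lines, depending on how the syslog daemon escapes them. Consider logging a cleaned copy, e.g. `(my $loguser = $in{'user'}) =~ s/[^\x20-\x7e]/?/g;`, and using `$loguser` in both messages. The surrounding branch starts outside the hunk.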
@@ -1239,7 +1239,7 @@
                                $already_session_id = undef;
                                $method = "GET";
                                $authuser = $baseauthuser = undef;
-                               syslog("crit",
+                               syslog("crit", '%s',
                                        ($nonexist ? "Non-existent" :
                                         $expired ? "Expired" : "Invalid").
                                        " login as $in{'user'} from $acpthost")
@@ -1292,13 +1292,13 @@
                        # Local user exists in webmin users file
                        $validated = 1;
                        $authuser = $localauth_user;
-                       # syslog("info", "Local login as $authuser from 
$acpthost") if ($use_syslog);
+                       # syslog("info", '%s', "Local login as $authuser from 
$acpthost") if ($use_syslog);
                        }
                elsif ($config{'unixauth'}) {
                        # Local user must exist
                        $validated = 2;
                        $authuser = $localauth_user;
-                       # syslog("info", "Local login as $authuser from 
$acpthost") if ($use_syslog);
+                       # syslog("info", '%s', "Local login as $authuser from 
$acpthost") if ($use_syslog);
                        }
                else {
                        $localauth_user = undef;

Attachment: signature.asc
Description: Digital signature
