Your message dated Wed, 04 May 2005 04:02:37 -0400
with message-id <[EMAIL PROTECTED]>
and subject line Bug#303300: fixed in bzip2 1.0.2-6
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 5 Apr 2005 21:56:10 +0000
>From [EMAIL PROTECTED] Tue Apr 05 14:56:10 2005
Return-path: <[EMAIL PROTECTED]>
Received: from kitenet.net [64.62.161.42] (postfix)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DIw1q-0004Mg-00; Tue, 05 Apr 2005 14:56:10 -0700
Received: from dragon.kitenet.net (unknown [66.168.94.177])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(Client CN "Joey Hess", Issuer "Joey Hess" (verified OK))
by kitenet.net (Postfix) with ESMTP id B672E18006
for <[EMAIL PROTECTED]>; Tue, 5 Apr 2005 21:56:08 +0000 (GMT)
Received: by dragon.kitenet.net (Postfix, from userid 1000)
id 762166E28F; Tue, 5 Apr 2005 17:59:06 -0400 (EDT)
Date: Tue, 5 Apr 2005 17:59:05 -0400
From: Joey Hess <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: file permissions modification race (CAN-2005-0953)
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="FL5UXtIhxfXey3p5"
Content-Disposition: inline
X-Reportbug-Version: 3.9
User-Agent: Mutt/1.5.8i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
--FL5UXtIhxfXey3p5
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Package: bzip2
Version: 1.0.2-5
Severity: normal
Tags: security
According to
http://marc.theaimsgroup.com/?l=3Dbugtraq&m=3D111229375217633&w=3D2:
If a malicious local user has write access to a directory in which a
target user is using bzip2 to extract or compress a file to then a
TOCTOU bug can be exploited to change the permission of any file
belonging to that user.
On decompressing bzip2 copies the permissions from the compressed
bzip2 file to the
uncompressed file. However there is a gap between the uncompressed
file being written (and it's file handler being close) and the
permissions of the file being changed.
During this gap a malicious user can remove the decompressed file and
replace it with a hard-link to another file belonging to the user.
bzip2 will then change the permissions on the hard-linked file to be
the same as that of the bzip2 file.
This is a low impact security hole as it requires a local user to
exploit a race, and bzip2 must be run in a directory that the attacker
can write to (and +t directories probably don't work), and all you
can do is change a file permissions.=20
If you fix this hole, please refer to CAN-2005-0953 in your changelog.
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.27
Locale: LANG=3Den_US.UTF-8, LC_CTYPE=3Den_US.UTF-8 (charmap=3DUTF-8)
Versions of packages bzip2 depends on:
ii libbz2-1.0 1.0.2-5 high-quality block-sorting fil=
e co
ii libc6 2.3.2.ds1-20 GNU C Library: Shared librarie=
s an
-- no debconf information
--=20
see shy jo
--FL5UXtIhxfXey3p5
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFCUwopd8HHehbQuO8RAhnfAJ4g7Eg/vVwNZ5QglR3Hj0pjCLv2EwCgoHNl
n+iQxlNnoMWQaieV69NZ9UU=
=/2Yv
-----END PGP SIGNATURE-----
--FL5UXtIhxfXey3p5--
---------------------------------------
Received: (at 303300-close) by bugs.debian.org; 4 May 2005 08:12:37 +0000
>From [EMAIL PROTECTED] Wed May 04 01:12:37 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DTEzl-0001ul-00; Wed, 04 May 2005 01:12:37 -0700
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1DTEq5-0005N6-00; Wed, 04 May 2005 04:02:37 -0400
From: Anibal Monsalve Salazar <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#303300: fixed in bzip2 1.0.2-6
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Wed, 04 May 2005 04:02:37 -0400
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Source: bzip2
Source-Version: 1.0.2-6
We believe that the bug you reported is fixed in the latest version of
bzip2, which is due to be installed in the Debian FTP archive:
bzip2_1.0.2-6.diff.gz
to pool/main/b/bzip2/bzip2_1.0.2-6.diff.gz
bzip2_1.0.2-6.dsc
to pool/main/b/bzip2/bzip2_1.0.2-6.dsc
bzip2_1.0.2-6_i386.deb
to pool/main/b/bzip2/bzip2_1.0.2-6_i386.deb
libbz2-1.0_1.0.2-6_i386.deb
to pool/main/b/bzip2/libbz2-1.0_1.0.2-6_i386.deb
libbz2-dev_1.0.2-6_i386.deb
to pool/main/b/bzip2/libbz2-dev_1.0.2-6_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Anibal Monsalve Salazar <[EMAIL PROTECTED]> (supplier of updated bzip2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 04 May 2005 17:13:20 +1000
Source: bzip2
Binary: libbz2-1.0 bzip2 libbz2-dev
Architecture: source i386
Version: 1.0.2-6
Distribution: unstable
Urgency: high
Maintainer: Anibal Monsalve Salazar <[EMAIL PROTECTED]>
Changed-By: Anibal Monsalve Salazar <[EMAIL PROTECTED]>
Description:
bzip2 - high-quality block-sorting file compressor - utilities
libbz2-1.0 - high-quality block-sorting file compressor library - runtime
libbz2-dev - high-quality block-sorting file compressor library - development
Closes: 303300
Changes:
bzip2 (1.0.2-6) unstable; urgency=high
.
* Fixed RC bug "file permissions modification race (CAN-2005-0953)", closes:
#303300. Patch by Santiago Ruano Rincon <[EMAIL PROTECTED]>.
Original patch available at
http://marc.theaimsgroup.com/?l=bugtraq&m=111352423504277&w=2
Files:
a74d3720114343270551736341bd40e0 577 utils standard bzip2_1.0.2-6.dsc
64713d0abd18a046cf5574c359cf92ae 13388 utils standard bzip2_1.0.2-6.diff.gz
78d10de9df81a254a6b5d568a094f2ad 38478 libs standard
libbz2-1.0_1.0.2-6_i386.deb
cab75a9f8e336237dc9253aac64ccc88 30232 libdevel optional
libbz2-dev_1.0.2-6_i386.deb
ee9afe41875f2ed2e82eccd8de98efd4 233228 utils optional bzip2_1.0.2-6_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFCeH4agY5NIXPNpFURAtqPAJ9izEld47sqGGtfdo5cr5p5AgX1SgCePbIT
qM4bqXq6c+Jo4LWzgXJr2zo=
=sj0G
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
