Your message dated Fri, 02 May 2014 12:12:12 +0000
with message-id <[email protected]>
and subject line Bug#745932: Removed package(s) from unstable
has caused the Debian Bug report #714612,
regarding yardradius: CVE-2013-4147: Multiple Format String Vulnerabilities
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
714612: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714612
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: yardradius
Version: 1.1.2-4
Severity: critical ( security)

Dear Maintainer,

Several Format String vulnerabilities was found in the latest `yardradius` 
version as explained further below :

src/log.c :

void
log_msg(int priority,char *fmt, va_list args)
{
...
 char buffer[1024];
...
 vfprintf(msgfd, fmt, args);
...
        vsnprintf(buffer,1024,fmt, args); 
#if defined(HAVE_SYSLOG)
        syslog(priority, buffer); 
...
        vsyslog(priority, fmt, args); 
...
}

So an attacker can fill fmt by for ex. "%x" and see the addressess.

############

src/version.c :

#define STRVER "%s : YARD Radius Server %s ... $ "

void
version(void)
{
        char buffer[1024];

        build_version(buffer,sizeof(buffer));
        fprintf(stderr, buffer);
        exit(-1);
}

...

void
build_version(char *bp,size_t sizeofbp)
{
        snprintf(bp,sizeofbp-1,STRVER, progname, VERSION);
..

$ ln -s radiusd %x
$ ./%x -v
./b77c0ff4 : YARD Radius Server 1.1 ...

It seems more of this type vulnerability exists in the source
if i find any other bug i will file them ...

if i can help in patching or anything , please let me know

Thank you
Hamid Zamani


-- System Information:
Debian Release: Kali Linux 1.0
Architecture: i386 (i686)

Kernel: Linux 3.7-trunk-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages yardradius depends on:
ii  libc6           2.13-38
ii  libgdbm3        1.8.3-11
ii  libpam-runtime  1.1.3-7.1
ii  libpam0g        1.1.3-7.1

yardradius recommends no packages.

yardradius suggests no packages.

-- no debconf information


                                          

--- End Message ---
--- Begin Message ---
Version: 1.1.2-4+rm

Dear submitter,

as the package yardradius has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see https://bugs.debian.org/745932

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
[email protected].

Debian distribution maintenance software
pp.
Luca Falavigna (the ftpmaster behind the curtain)

--- End Message ---

Reply via email to