Your message dated Sun, 07 Jan 2007 11:02:02 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#405111: fixed in miredo 1.0.4-2
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: miredo
Version: 1.0.4-1
Severity: important
Tags: Security


A vulnerability has been reported in Miredo, which can be exploited by 
malicious people to conduct spoofing attacks.
The vulnerability is caused due to an unspecified error in the authentication 
process of a Teredo Bubble using HMAC-MD5-64 hashing and can be exploited to 
impersonate an arbitrary Teredo client.
Successful exploitation requires knowledge of the primary IPv4 address of the 
victim's Teredo server and the victim's Teredo IPv6 address, which is made of 
the 
victim's public IPv4 address, the UDP port number, and cone NAT flag.
The vulnerability is reported in versions 0.9.8 through 1.0.5.

Solution:
Update to version 1.0.6.

http://secunia.com/advisories/23596/


-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-486
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)

-- 
   .''`.  
  : :' :    Alex de Oliveira Silva | enerv
  `. `'     www.enerv.net
    `- 


--- End Message ---
--- Begin Message ---
Source: miredo
Source-Version: 1.0.4-2

We believe that the bug you reported is fixed in the latest version of
miredo, which is due to be installed in the Debian FTP archive:

miredo-server_1.0.4-2_i386.deb
  to pool/main/m/miredo/miredo-server_1.0.4-2_i386.deb
miredo_1.0.4-2.diff.gz
  to pool/main/m/miredo/miredo_1.0.4-2.diff.gz
miredo_1.0.4-2.dsc
  to pool/main/m/miredo/miredo_1.0.4-2.dsc
miredo_1.0.4-2_i386.deb
  to pool/main/m/miredo/miredo_1.0.4-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Rémi Denis-Courmont <[EMAIL PROTECTED]> (supplier of updated miredo package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 30 Dec 2006 22:47:29 +0100
Source: miredo
Binary: miredo-server miredo
Architecture: source i386
Version: 1.0.4-2
Distribution: unstable
Urgency: medium
Maintainer: Rémi Denis-Courmont <[EMAIL PROTECTED]>
Changed-By: Rémi Denis-Courmont <[EMAIL PROTECTED]>
Description: 
 miredo     - Teredo IPv6 tunneling through NATs
 miredo-server - Teredo IPv6 tunneling server
Closes: 405111 405412
Changes: 
 miredo (1.0.4-2) unstable; urgency=medium
 .
   * Disable testsuite everywhere because it includes load-sensitive tests.
   * Merge various fixes from upstream Subversion:
     - typo in miredo.conf.5 (r1805)
     - note about dangerous settings in miredo-server.conf.5 (r1815)
     - fix for insufficient hop limit in Teredo bubbles (r1822)
     - fix symmetric NAT detection (r1868)
     - s/#warn/#warning (r1882) showing up on Hurd
     - fix possible Teredo client spoofing vulnerability (r1884)
       Closes: #405111, Closes: #405412
   * Use time() whenever needed instead of unsafe/badly broken 1Hz clock,
     though this degrades performance slightly.
   * Do not send "direct" Teredo bubble when run as a Teredo relay to improve
     compatibility with Linux/NetFilter (incl. Debian-based NATs); see #404365.
Files: 
 7d711c7b15ba90c8610bbb6909c8a05e 706 net optional miredo_1.0.4-2.dsc
 d933b07dac132a62bb1c3b13115fe7a4 7120 net optional miredo_1.0.4-2.diff.gz
 612ebd881274e22c2d1a964602f394c8 142706 net optional miredo_1.0.4-2_i386.deb
 af458459a0ef038eb709411d04edc9c6 111084 net extra 
miredo-server_1.0.4-2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFoNKXrSbtgqbIBbkRAkyGAJ0cegm2taADO8KSww0N6oBjjcshjACfQjJz
rB4AoRVC4uh8NpQzJRrOJW4=
=n4IV
-----END PGP SIGNATURE-----


--- End Message ---

Reply via email to