tags 283061 help thanks Could somebody please NMU?
I didn't get my new key signed yet so I am in no position to perform an
upload.
Thanks,
Grzegorz B. Prokopski
On Fri, 2004-11-26 at 01:56, Brian Dessent wrote:
> Package: opendchub
> Version: 0.7.14-1
> Severity: critical
> Tags: security patch
> Justification: root security hole
>
> A security flaw in the handling of the $RedirectAll command was
> discovered by Donato Ferrante. See
> <http://marc.theaimsgroup.com/?l=bugtraq&m=110144606411674> for
> details.
>
> The flaw allows a user with admin access to the hub to overflow a buffer
> and execute arbitrary code. The default port on which the hub listens
> is 411, which requires it to have root privileges, thus I've set this
> bug as a potential root hole and severity critical.
>
> The following patch is reported in the advisory:
>
> --- commands.c 2004-11-21 13:01:48.000000000 +0100
> +++ patch.c 2004-11-21 13:05:33.000000000 +0100
> @@ -2842,7 +2842,7 @@
> {
> char move_string[MAX_HOST_LEN+20];
>
> - sprintf(move_string, "$ForceMove %s", buf);
> + snprintf(move_string, MAX_HOST_LEN, "$ForceMove %s", buf);
>
> send_to_humans(move_string, REGULAR | REGISTERED | OP, user);
> remove_all(UNKEYED | NON_LOGGED | REGULAR | REGISTERED | OP, 1, 1);
>
>
>
> -- System Information:
> Debian Release: 3.1
> APT prefers testing
> APT policy: (500, 'testing')
> Architecture: i386 (i686)
> Kernel: Linux 2.4.23-rc3-djc3-6um
> Locale: LANG=C, LC_CTYPE=C
>
> Versions of packages opendchub depends on:
> ii libc6 2.3.2.ds1-18 GNU C Library: Shared libraries
> an
> ii libcap1 1:1.10-14 support for getting/setting
> POSIX.
> ii libperl5.8 5.8.4-2.3 Shared Perl library
> ii libssl0.9.7 0.9.7d-5 SSL shared libraries
>
> -- no debconf information
--
Grzegorz B. Prokopski <[EMAIL PROTECTED]>
SableVM - Free, LGPL'ed Java VM http://sablevm.org
Why SableVM ?!? http://sablevm.org/wiki/Features
Debian GNU/Linux - the Free OS http://www.debian.org
signature.asc
Description: This is a digitally signed message part
