Bug#283061: marked as done (opendchub: user with hub admin access can overflow a buffer and execute arbitrary code)
Your message dated Mon, 13 Feb 2006 10:32:08 -0800
with message-id [EMAIL PROTECTED]
and subject line Bug#283061: fixed in opendchub 0.7.14-2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
---BeginMessage---
Package: opendchub
Version: 0.7.14-1
Severity: critical
Tags: security patch
Justification: root security hole
A security flaw in the handling of the $RedirectAll command was
discovered by Donato Ferrante. See
http://marc.theaimsgroup.com/?l=bugtraqm=110144606411674 for
details.
The flaw allows a user with admin access to the hub to overflow a buffer
and execute arbitrary code. The default port on which the hub listens
is 411, which requires it to have root privileges, thus I've set this
bug as a potential root hole and severity critical.
The following patch is reported in the advisory:
--- commands.c 2004-11-21 13:01:48.0 +0100
+++ patch.c 2004-11-21 13:05:33.0 +0100
@@ -2842,7 +2842,7 @@
{
char move_string[MAX_HOST_LEN+20];
- sprintf(move_string, $ForceMove %s, buf);
+ snprintf(move_string, MAX_HOST_LEN, $ForceMove %s, buf);
send_to_humans(move_string, REGULAR | REGISTERED | OP, user);
remove_all(UNKEYED | NON_LOGGED | REGULAR | REGISTERED | OP, 1, 1);
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.23-rc3-djc3-6um
Locale: LANG=C, LC_CTYPE=C
Versions of packages opendchub depends on:
ii libc6 2.3.2.ds1-18 GNU C Library: Shared libraries an
ii libcap1 1:1.10-14support for getting/setting POSIX.
ii libperl5.8 5.8.4-2.3Shared Perl library
ii libssl0.9.7 0.9.7d-5 SSL shared libraries
-- no debconf information
---End Message---
---BeginMessage---
Source: opendchub
Source-Version: 0.7.14-2
We believe that the bug you reported is fixed in the latest version of
opendchub, which is due to be installed in the Debian FTP archive:
opendchub_0.7.14-2.diff.gz
to pool/main/o/opendchub/opendchub_0.7.14-2.diff.gz
opendchub_0.7.14-2.dsc
to pool/main/o/opendchub/opendchub_0.7.14-2.dsc
opendchub_0.7.14-2_i386.deb
to pool/main/o/opendchub/opendchub_0.7.14-2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Zak B. Elep [EMAIL PROTECTED] (supplier of updated opendchub package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Format: 1.7
Date: Wed, 8 Feb 2006 22:51:40 +0800
Source: opendchub
Binary: opendchub
Architecture: source i386
Version: 0.7.14-2
Distribution: unstable
Urgency: low
Maintainer: Zak B. Elep [EMAIL PROTECTED]
Changed-By: Zak B. Elep [EMAIL PROTECTED]
Description:
opendchub - hub clone for DC (Direct Connect P2P network)
Closes: 277705 283061 284265 284309 284350 285208
Changes:
opendchub (0.7.14-2) unstable; urgency=low
.
* New maintainer (as agreed with former maintainer; see
http://lists.debian.org/debian-devel/2006/02/msg7.html)
* debian/control:
- Change build system to use CDBS + debhelper.
- Bumped Standards-Version to 3.6.2 .
- Slightly touched description, and add a homepage link.
- Bump debhelper Build-Depends to (= 5).
* debian/copyright:
- Insert copyright notice snippet from src/main.h .
* debian/patches:
- Add 10_commands_buffer_overflow.patch
(Closes: #284265, #283061, #284350)
- Add 20_autotools_update.patch , should fix FTBFS on m68k
(Closes: #284309, #285208)
* debian/docs:
- Remove README, it is quite extraneous :(
* Removed debian/dirs for the same reason above.
* Added an init.d script from Eddy Petrisor, improved (Closes: #277705)
Files:
40d2eae85c3337d10cac86c605fdc0d0 613 net optional opendchub_0.7.14-2.dsc
6281487ac6745cf0854ee08fe064d556 75793 net optional opendchub_0.7.14-2.diff.gz
8766b325aac82d38be5cd5d0b2a38bb2 101574 net optional
opendchub_0.7.14-2_i386.deb
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFD8M+adC8qQo5jWl4RAp/bAJ9nXJ4xRVJh4hnHxB1VAxXu5jWFNACeJNpw
Ohr61MHg97uNEzf0SuA4nxs=
=G61d
-END PGP
Bug#283061: marked as done (opendchub: user with hub admin access can overflow a buffer and execute arbitrary code)
Your message dated Mon, 13 Feb 2006 10:32:09 -0800
with message-id [EMAIL PROTECTED]
and subject line Bug#284350: fixed in opendchub 0.7.14-2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
---BeginMessage---
Package: opendchub
Version: 0.7.14-1
Severity: critical
Tags: security patch
Justification: root security hole
A security flaw in the handling of the $RedirectAll command was
discovered by Donato Ferrante. See
http://marc.theaimsgroup.com/?l=bugtraqm=110144606411674 for
details.
The flaw allows a user with admin access to the hub to overflow a buffer
and execute arbitrary code. The default port on which the hub listens
is 411, which requires it to have root privileges, thus I've set this
bug as a potential root hole and severity critical.
The following patch is reported in the advisory:
--- commands.c 2004-11-21 13:01:48.0 +0100
+++ patch.c 2004-11-21 13:05:33.0 +0100
@@ -2842,7 +2842,7 @@
{
char move_string[MAX_HOST_LEN+20];
- sprintf(move_string, $ForceMove %s, buf);
+ snprintf(move_string, MAX_HOST_LEN, $ForceMove %s, buf);
send_to_humans(move_string, REGULAR | REGISTERED | OP, user);
remove_all(UNKEYED | NON_LOGGED | REGULAR | REGISTERED | OP, 1, 1);
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.23-rc3-djc3-6um
Locale: LANG=C, LC_CTYPE=C
Versions of packages opendchub depends on:
ii libc6 2.3.2.ds1-18 GNU C Library: Shared libraries an
ii libcap1 1:1.10-14support for getting/setting POSIX.
ii libperl5.8 5.8.4-2.3Shared Perl library
ii libssl0.9.7 0.9.7d-5 SSL shared libraries
-- no debconf information
---End Message---
---BeginMessage---
Source: opendchub
Source-Version: 0.7.14-2
We believe that the bug you reported is fixed in the latest version of
opendchub, which is due to be installed in the Debian FTP archive:
opendchub_0.7.14-2.diff.gz
to pool/main/o/opendchub/opendchub_0.7.14-2.diff.gz
opendchub_0.7.14-2.dsc
to pool/main/o/opendchub/opendchub_0.7.14-2.dsc
opendchub_0.7.14-2_i386.deb
to pool/main/o/opendchub/opendchub_0.7.14-2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Zak B. Elep [EMAIL PROTECTED] (supplier of updated opendchub package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Format: 1.7
Date: Wed, 8 Feb 2006 22:51:40 +0800
Source: opendchub
Binary: opendchub
Architecture: source i386
Version: 0.7.14-2
Distribution: unstable
Urgency: low
Maintainer: Zak B. Elep [EMAIL PROTECTED]
Changed-By: Zak B. Elep [EMAIL PROTECTED]
Description:
opendchub - hub clone for DC (Direct Connect P2P network)
Closes: 277705 283061 284265 284309 284350 285208
Changes:
opendchub (0.7.14-2) unstable; urgency=low
.
* New maintainer (as agreed with former maintainer; see
http://lists.debian.org/debian-devel/2006/02/msg7.html)
* debian/control:
- Change build system to use CDBS + debhelper.
- Bumped Standards-Version to 3.6.2 .
- Slightly touched description, and add a homepage link.
- Bump debhelper Build-Depends to (= 5).
* debian/copyright:
- Insert copyright notice snippet from src/main.h .
* debian/patches:
- Add 10_commands_buffer_overflow.patch
(Closes: #284265, #283061, #284350)
- Add 20_autotools_update.patch , should fix FTBFS on m68k
(Closes: #284309, #285208)
* debian/docs:
- Remove README, it is quite extraneous :(
* Removed debian/dirs for the same reason above.
* Added an init.d script from Eddy Petrisor, improved (Closes: #277705)
Files:
40d2eae85c3337d10cac86c605fdc0d0 613 net optional opendchub_0.7.14-2.dsc
6281487ac6745cf0854ee08fe064d556 75793 net optional opendchub_0.7.14-2.diff.gz
8766b325aac82d38be5cd5d0b2a38bb2 101574 net optional
opendchub_0.7.14-2_i386.deb
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFD8M+adC8qQo5jWl4RAp/bAJ9nXJ4xRVJh4hnHxB1VAxXu5jWFNACeJNpw
Ohr61MHg97uNEzf0SuA4nxs=
=G61d
-END PGP
