Bug#226356: marked as done (Buffer overflow vulnerability (CAN-2003-0850))
Your message dated Wed, 07 Jan 2004 16:39:47 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#226356: fixed in libnids 1.18-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Date: Mon, 5 Jan 2004 18:17:07 -0800
From: Matt Zimmerman <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: Buffer overflow vulnerability (CAN-2003-0850)

Package: libnids
Severity: grave

"The TCP reassembly functionality in libnids before 1.18 allows remote
attackers to cause "memory corruption" and possibly execute arbitrary code
via "overlarge TCP packets."

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0850

An update to version 1.18 should be sufficient to correct the problem.

I am copying [EMAIL PROTECTED], since that is the only reverse
dependency. This package is orphaned and could be removed if this bug is
not fixed.

-- System Information:
Debian Release: unstable
Architecture: i386
Kernel: Linux mizar 2.4.22-deb5-evms2.1.1-skas3-1 #1 Mon Dec 22 14:08:31 PST 2003 i686
Locale: LANG=en_US, LC_CTYPE=en_US

--
 - mdz

---
From: Steve Kemp <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Bug#226356: fixed in libnids 1.18-1
Date: Wed, 07 Jan 2004 16:39:47 -0500

Source: libnids
Source-Version: 1.18-1

We believe that the bug you reported is fixed in the latest version of
libnids, which is due to be installed in the Debian FTP archive:

libnids-dev_1.18-1_i386.deb
  to pool/main/libn/libnids/libnids-dev_1.18-1_i386.deb
libnids1_1.18-1_i386.deb
  to pool/main/libn/libnids/libnids1_1.18-1_i386.deb
libnids_1.18-1.dsc
  to pool/main/libn/libnids/libnids_1.18-1.dsc
libnids_1.18-1.tar.gz
  to pool/main/libn/libnids/libnids_1.18-1.tar.gz

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steve Kemp <[EMAIL PROTECTED]> (supplier of updated libnids package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 8 Jan 2004 19:35:28 +
Source: libnids
Binary: libnids-dev libnids1
Architecture: source i386
Version: 1.18-1
Distribution: unstable
Urgency: high
Bug#226356: Buffer overflow vulnerability (CAN-2003-0850)
On Tue, Jan 06, 2004 at 11:22:55AM +, Steve Kemp wrote:
> On Mon, Jan 05, 2004 at 06:17:07PM -0800, Matt Zimmerman wrote:
> > Package: libnids
> > Severity: grave
> >
> > "The TCP reassembly functionality in libnids before 1.18 allows remote
> > attackers to cause "memory corruption" and possibly execute arbitrary code
> > via "overlarge TCP packets."
> >
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0850
> >
> > An update to version 1.18 should be sufficient to correct the problem.
> >
> > I am copying [EMAIL PROTECTED], since that is the only reverse
> > dependency. This package is orphaned and could be removed if this bug is
> > not fixed.
>
> I maintain dsniff - and will adopt libnids and upload a more recent
> version shortly.

Aha. Ignore most of my message, then. :) The bit about the changed
SONAME probably still applies.

> I've retitled #188171 to reflect this, although the control address
> seems to be a little bit slow today.

This is true in general at the moment, yes.

--
Colin Watson [EMAIL PROTECTED]
Bug#226711: [PATCH] fix off-by-one-line behavior in example bot after saving
Package: megahal
Version: 9.0.3-7

When the example bot saves, megahal says something random. That appears
to stick in the buffer and the bot begins responding not to the current
query but the query immediately before.

This patch fixes that problem.

--
Matt Behrens <[EMAIL PROTECTED]> <http://zigg.com/>

--- /usr/share/doc/megahal/examples/Hal.pm 2000-09-01 13:36:58.0 -0400 +++ Hal.pm 2004-01-07 16:04:26.0 -0500 @@ -86,7 +86,7 @@ # Save brain. sub save { $wselect->can_write(); - syswrite(WRITE,"#save\n\n",8); + syswrite(WRITE,"#quiet\n\n#save\n\n#quiet\n\n"); } # Set a socket into nonblocking mode.
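
Review bot: the return value of the new syswrite() in save() is not checked, and the result of $wselect->can_write() on the line before it is discarded, so a short write can go unnoticed. The call now sends three commands in one write; if WRITE is one of the handles put into nonblocking mode by the sub that follows, a partial write could drop the trailing "#quiet" and leave the bot muted after a save. Compare the return value with the length of the string and retry the remainder. Dropping the explicit length argument is the right call, since the old value 8 did not match the 7-byte string "#save\n\n". A one-line comment explaining why "#quiet" is sent before and after "#save" would also help; if "#quiet" is a toggle, the fix depends on quiet mode being off when save() is entered.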
Bug#192621: marked as done (libnids: new version available)
Your message dated Wed, 07 Jan 2004 16:39:47 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#192621: fixed in libnids 1.18-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--
Subject: libnids: new version available
From: Corey Wright <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Date: 09 May 2003 08:53:43 -0500

Package: libnids
Version: N/A; reported 2003-05-09
Severity: wishlist

a new version, 1.17rc1, of libnids is available.

this new version would have been helpful recently as i tried to use
dsniff on a ppp interface, but wasn't seeing anything because
DLT_LINUX_SLL type wasn't recognized and ethernet was instead used (by
default, though non-beneficially). i patched 1.16 myself to support
DLT_LINUX_SLL (before finding out about the new version; DOH!).

seems 1.16 is out of date with recent technology (wireless, vlan) and
the linux kernel (ppp).

changelog:

v1.17rc1 Aug 30 2002
- support for libnet-1.1 and --with-libnet=no
- added support for libpcap save files
- finally, DLT_LINUX_SLL is recognized
- removed a horrible assumption on sizeof(pointer); it could result in
  segfault in scan.c
- --enable-shared
- __i386 -> __i386__ || __i386 :(
- support for 802.1Q VLAN
- support for wireless frames (DLT_IEEE802_11)
- got rid of (obsolete) pcap_open_live_new
- bail out if link type is unknown, instead of pretending it is ethernet
- $(MAKE) -> $(MAKE) $(AM_MAKEFLAGS)
- added a working link to Ptacek-Newsham paper
- %hi -> %hu :)
- align IP header if necessary (should not be)
- improved libraries detection
- mentioned usefulness of setsockopt(...SO_RCVBUF...) on a fast network

thanks for your work on libnids.

-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux deuteronomy 2.4.20-ipsec #1 Wed Apr 23 01:18:22 CDT 2003 i686
Locale: LANG=C, LC_CTYPE=C

---
From: Steve Kemp <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Bug#192621: fixed in libnids 1.18-1
Date: Wed, 07 Jan 2004 16:39:47 -0500

Source: libnids
Source-Version: 1.18-1

We believe that the bug you reported is fixed in the latest version of
libnids, which is due to be installed in the Debian FTP archive:

libnids-dev_1.18-1_i386.deb
  to pool/main/libn/libnids/libnids-dev_1.18-1_i386.deb
libnids1_1.18-1_i386.deb
  to pool/main/libn/libnids/libnids1_1.18-1_i386.deb
libnids_1.18-1.dsc
  to pool/main/libn/libnids/libnids_1.18-1.dsc
libnids_1.18-1.tar.gz
  to pool/main/libn/libnids/libnids_1.18-1.tar.gz

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Steve Kemp <[EM
Bug#226650: wn: implicitly declared function returns a pointer that is used
Package: wn
Version: 2.2.9-3
Severity: important

The following functions are used in your package without being
defined (you probably forgot a header file) in your package, and the
return value is converted to a pointer. This is guaranteed to be
fatal on ia64, and probably any 64-bit architecture.

Function `gmtime' implicitly converted to pointer at wn.c:1435
Function `gmtime' implicitly converted to pointer at send.c:213
Function `gmtime' implicitly converted to pointer at wn.c:1435
Function `localtime' implicitly converted to pointer at standalone.c:340
Function `gmtime' implicitly converted to pointer at standalone.c:341

If appropriate, please upgrade this bug to serious.

thanks,
lamont
Bug#226553: emelfm: implicitly declared function returns a pointer that is used
Package: emelfm
Version: 0.9.2-6
Severity: important

The following functions are used in your package without being
defined (you probably forgot a header file) in your package, and the
return value is converted to a pointer. This is guaranteed to be
fatal on ia64, and probably any 64-bit architecture.

Function `localtime' implicitly converted to pointer at filelist.c:792

If appropriate, please upgrade this bug to serious.

thanks,
lamont
Bug#226526: libgtk-perl: implicitly declared function returns a pointer that is used
Package: libgtk-perl
Version: 0.7008-1.9
Severity: important

The following functions are used in your package without being
defined (you probably forgot a header file) in your package, and the
return value is converted to a pointer. This is guaranteed to be
fatal on ia64, and probably any 64-bit architecture.

Function `newSVGtkObjectRef' implicitly converted to pointer at GdkPixbufLoader.c:39
Function `SvGtkObjectRef' implicitly converted to pointer at GdkPixbufLoader.c:58
Function `SvGtkXmHTMLCallbackStruct' implicitly converted to pointer at GtkXmHTML.c:1024
Function `SvGdkImlibImage' implicitly converted to pointer at GnomeCanvasItem.xs:32
Function `newSVGdkImlibImage' implicitly converted to pointer at GnomeCanvasItem.xs:63
Function `newSVGtkObjectRef' implicitly converted to pointer at GnomePrinter.c:40
Function `SvGtkObjectRef' implicitly converted to pointer at GnomePrinter.c:57
Function `newSVDefEnumHash' implicitly converted to pointer at GnomePrinter.c:69
Function `SvGtkObjectRef' implicitly converted to pointer at GnomePrintMasterPreview.c:36
Function `newSVGtkObjectRef' implicitly converted to pointer at GnomePrintMasterPreview.c:49
Function `newSVGtkObjectRef' implicitly converted to pointer at GnomePrinterWidget.c:39
Function `SvGtkObjectRef' implicitly converted to pointer at GnomePrinterWidget.c:57
Function `newSVGtkObjectRef' implicitly converted to pointer at GnomePrinterDialog.c:39
Function `SvGtkObjectRef' implicitly converted to pointer at GnomePrinterDialog.c:57
Function `SvGtkObjectRef' implicitly converted to pointer at GnomePrintDialog.c:34
Function `newSVDefEnumHash' implicitly converted to pointer at GnomePrintDialog.c:46
Function `newSVGtkObjectRef' implicitly converted to pointer at GnomePrintDialog.c:131
Function `newSVGtkObjectRef' implicitly converted to pointer at GnomePrintMaster.c:39
Function `SvGtkObjectRef' implicitly converted to pointer at GnomePrintMaster.c:57

If appropriate, please upgrade this bug to serious.

thanks,
lamont
Bug#226536: libming: implicitly declared function returns a pointer that is used
Package: libming
Version: 0.2a.cvs20030716-2
Severity: important

The following functions are used in your package without being
defined (you probably forgot a header file) in your package, and the
return value is converted to a pointer. This is guaranteed to be
fatal on ia64, and probably any 64-bit architecture.

Function `getButtonSound' implicitly converted to pointer at displaylist.c:506
Function `getButtonSound' implicitly converted to pointer at displaylist.c:506
Function `getButtonSound' implicitly converted to pointer at displaylist.c:506

If appropriate, please upgrade this bug to serious.

thanks,
lamont
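
The four reports above flag call sites where a function used without a prototype is assumed to return int and that int is then converted to a pointer, which truncates the pointer on 64-bit targets. As an added example (not the script that generated these reports and not code from any of the packages), one way to find such sites in a build log is to pair GCC's two warnings on the same file and line; the log lines and file names below are constructed.

```python
import re

# Constructed sample build log (file names and lines are made up), mixing the
# old and the current GCC warning formats.
SAMPLE_LOG = """\
clock.c: In function `stamp':
clock.c:12: warning: implicit declaration of function `gmtime'
clock.c:12: warning: assignment makes pointer from integer without a cast
util.c:40: warning: implicit declaration of function `item_count'
util.c:88: warning: passing arg 1 of `puts' makes pointer from integer without a cast
net.c:7:10: warning: implicit declaration of function 'localtime' [-Wimplicit-function-declaration]
net.c:7:8: warning: assignment to 'struct tm *' from 'int' makes pointer from integer without a cast [-Wint-conversion]
"""

LOC = r"^(?P<file>[^:\s]+):(?P<line>\d+):(?:\d+:)?\s*warning: "
IMPLICIT = re.compile(LOC + r"implicit declaration of function [`'‘](?P<func>\w+)['’]")
TO_POINTER = re.compile(LOC + r".*makes pointer from integer without a cast")


def find_truncated_pointers(log_text):
    """Return sorted (file, line, function) tuples where a function with no
    visible prototype has its assumed-int result converted to a pointer."""
    implicit = {}      # (file, line) -> names first used undeclared there
    converted = set()  # (file, line) with an int-to-pointer warning
    for raw in log_text.splitlines():
        m = IMPLICIT.match(raw)
        if m:
            implicit.setdefault((m["file"], int(m["line"])), set()).add(m["func"])
            continue
        m = TO_POINTER.match(raw)
        if m:
            converted.add((m["file"], int(m["line"])))
    # Only locations carrying BOTH warnings are dangerous: an undeclared
    # function whose int result stays an int (util.c:40) is not reported.
    return sorted((path, line, func)
                  for (path, line) in converted.intersection(implicit)
                  for func in implicit[(path, line)])


def format_report(hits):
    """Render hits in the wording used by the reports above."""
    return [f"Function `{func}' implicitly converted to pointer at {path}:{line}"
            for path, line, func in hits]


if __name__ == "__main__":
    print("\n".join(format_report(find_truncated_pointers(SAMPLE_LOG))))
```

GCC reports an implicit declaration only at the first use in a translation unit, so later uses of the same function in that file show only the conversion warning and are not paired by this check.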
Bug#226356: Buffer overflow vulnerability (CAN-2003-0850)
On Mon, Jan 05, 2004 at 06:17:07PM -0800, Matt Zimmerman wrote:
> Package: libnids
> Severity: grave
>
> "The TCP reassembly functionality in libnids before 1.18 allows remote
> attackers to cause "memory corruption" and possibly execute arbitrary code
> via "overlarge TCP packets."
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0850
>
> An update to version 1.18 should be sufficient to correct the problem.
>
> I am copying [EMAIL PROTECTED], since that is the only reverse
> dependency. This package is orphaned and could be removed if this bug is
> not fixed.

I'm having a look at this. However, upstream have changed libnids'
SONAME to libnids.so.1.18, so the package name will have to change to
libnids1.18; Steve, you'll need to give dsniff a Build-Depends: libnids
(>= 1.18-1) and re-upload to make its dependencies match.

I was going to switch to libnet1-dev too while I was at it, but it
appears that dsniff won't be able to cope with that, so it can wait.

Cheers,

--
Colin Watson [EMAIL PROTECTED]