Your message dated Wed, 04 Jul 2012 17:47:38 +0000
with message-id <e1smtfu-00008r...@franck.debian.org>
and subject line Bug#651896: fixed in njam 1.25-5.2
has caused the Debian Bug report #651896,
regarding njam: Insecure usage of environmental variable
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
651896: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=651896
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: njam
Version: 1.25-5
Justification: user security hole
Severity: grave
Tags: security

*** Please type your report below this line ***

The setgid(games) binary /usr/games/njam makes insecure use of the 
environmental variable SDL_VIDEODRIVER.

This potentially allows the execution of arbitrary code, as the
following example shows:

1.  Set up the variable:

    birthday:~# export SDL_VIDEODRIVER=$(perl -e "print 'x'x300") 


2.  Launch the binary under gdb so we can see what happens:

    birthday:~# gdb /usr/games/njam
    (gdb) run
    Starting program: /usr/games/njam 
    ..
    Program received signal SIGSEGV, Segmentation fault.
    0x0000000000404f48 in ?? ()
    (gdb) bt
    #0  0x0000000000404f48 in ?? ()
    #1  0x7878787878787878 in ?? ()
    #2  0x7878787878787878 in ?? ()
    #3  0x7878787878787878 in ?? ()

  0x78 == "x" == Code execution via overflow.


  This is probably a minor issue, but should be simple to patch.

-- System Information:
Debian Release: 6.0.3
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/3 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages njam depends on:
ii  libc6                        2.11.2-10   Embedded GNU C Library: Shared lib
ii  libgcc1                      1:4.4.5-8   GCC support library
ii  libsdl-image1.2              1.2.10-2+b2 image loading library for Simple D
ii  libsdl-mixer1.2              1.2.8-6.3   mixer library for Simple DirectMed
ii  libsdl-net1.2                1.2.7-2     network library for Simple DirectM
ii  libsdl1.2debian              1.2.14-6.1  Simple DirectMedia Layer
ii  libstdc++6                   4.4.5-8     The GNU Standard C++ Library v3

njam recommends no packages.

njam suggests no packages.

-- no debconf information




--- End Message ---
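
A bounded way to take a driver name such as SDL_VIDEODRIVER from the environment, added here as an example; it is not part of the original report and is not njam's or SDL's code. The 32-byte limit, the allowed character set and the function name `copy_driver_name` are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DRIVER_MAX 32 /* assumed limit; not taken from njam or SDL */

/* Hypothetical helper: copy an untrusted driver name into out.
 * Returns 0 on success, -1 if the value is NULL, empty, does not fit
 * in outlen bytes (terminator included), or has a character outside
 * [A-Za-z0-9_-]. On rejection out holds the empty string. */
int copy_driver_name(const char *value, char *out, size_t outlen)
{
    size_t n = 0;

    if (out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';
    if (value == NULL)
        return -1;
    /* Never read or count past outlen bytes of the input. */
    while (n < outlen && value[n] != '\0') {
        unsigned char c = (unsigned char)value[n];
        if (!isalnum(c) && c != '_' && c != '-')
            return -1;
        n++;
    }
    if (n == 0 || n == outlen) /* empty, or no room for the terminator */
        return -1;
    memcpy(out, value, n);
    out[n] = '\0';
    return 0;
}

int main(void)
{
    char driver[DRIVER_MAX];
    /* In a setgid program the environment is attacker-controlled input;
     * glibc's secure_getenv() is an alternative that returns NULL there. */
    if (copy_driver_name(getenv("SDL_VIDEODRIVER"), driver, sizeof driver) != 0) {
        fputs("SDL_VIDEODRIVER unset or rejected; using default\n", stderr);
        return 0;
    }
    printf("video driver: %s\n", driver);
    return 0;
}
```
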
--- Begin Message ---
Source: njam
Source-Version: 1.25-5.2

We believe that the bug you reported is fixed in the latest version of
njam, which is due to be installed in the Debian FTP archive:

njam_1.25-5.2.diff.gz
  to main/n/njam/njam_1.25-5.2.diff.gz
njam_1.25-5.2.dsc
  to main/n/njam/njam_1.25-5.2.dsc
njam_1.25-5.2_i386.deb
  to main/n/njam/njam_1.25-5.2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 651...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luk Claes <l...@debian.org> (supplier of updated njam package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 04 Jul 2012 15:49:52 +0000
Source: njam
Binary: njam
Architecture: source i386
Version: 1.25-5.2
Distribution: unstable
Urgency: high
Maintainer: Anibal Avelar <aave...@cofradia.org>
Changed-By: Luk Claes <l...@debian.org>
Description: 
 njam       - pacman-like game with multiplayer support
Closes: 651896
Changes: 
 njam (1.25-5.2) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * drop DGA support (Closes: #651896).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk/0f9cACgkQ+C5cwEsrK54cWACcCrz6vxPbsV1mShVL/mHF9n/r
sKIAni1w6ZXUHDtsNf2oIyrbTiWj5cQs
=NeVp
-----END PGP SIGNATURE-----



--- End Message ---
