RE: [SECURITY] [DSA 967-1] New elog packages fix arbitrary code execution

To: <debian-security@lists.debian.org>
Subject: RE: [SECURITY] [DSA 967-1] New elog packages fix arbitrary code execution
From: Molnár Péter <peter@petermolnar.hu>
Date: Mon, 13 Feb 2006 07:25:50 +0100
Message-id: <!&!AAAAAAAAAAAYAAAAAAAAAJgQEhK3rPlEjCBLG7axVHzCgAAAEAAAADpydMvF0qNNgdl/b3WgJCQBAAAAAA==@petermolnar.hu>
In-reply-to: <m1F7ROM-000oh7C@finlandia.Infodrom.North.DE>
Hali!

Kuldenel a listara is?

Thx: mP

> -----Original Message-----
> From: Martin Schulze [mailto:joey@infodrom.org]
> Sent: Friday, February 10, 2006 7:04 AM
> To: Debian Security Announcements
> Subject: [SECURITY] [DSA 967-1] New elog packages fix arbitrary code
> execution
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> - ------------------------------------------------------------------------
> --
> Debian Security Advisory DSA 967-1                     security@debian.org
> http://www.debian.org/security/                         Moritz Muehlenhoff
> February 10th, 2006                     http://www.debian.org/security/faq
> - ------------------------------------------------------------------------
> --
> 
> Package        : elog
> Vulnerability  : several
> Problem-Type   : remote
> Debian-specific: no
> CVE IDs        : CVE-2006-4439 CVE-2006-0347 CVE-2006-0348 CVE-2006-0597
>                  CVE-2006-0598 CVE-2006-0599 CVE-2006-0600
> Debian Bug     : 349528
> 
> Several security problems have been found in elog, an electonic logbook
> to manage notes.  The Common Vulnerabilities and Exposures Project
> identifies the following problems:
> 
> CVE-2005-4439
> 
>     "GroundZero Security" discovered that elog insufficiently checks the
>     size of a buffer used for processing URL parameters, which might lead
>     to the execution of arbitrary code.
> 
> CVE-2006-0347
> 
>     It was discovered that elog contains a directory traveral
> vulnerability
>     in the processing of "../" sequences in URLs, which might lead to
>     information disclosure.
> 
> CVE-2006-0348
> 
>     The code to write the log file contained a format string
> vulnerability,
>     which might lead to the execution of arbitrary code.
> 
> CVE-2006-0597
> 
>     Overly long revision attributes might trigger a crash due to a buffer
>     overflow.
> 
> CVE-2006-0598
> 
>     The code to write the log file does not enforce bounds checks
> properly,
>     which might lead to the execution of arbitrary code.
> 
> CVE-2006-0599
> 
>     elog emitted different errors messages for invalid passwords and
> invalid
>     users, which allows an attacker to probe for valid user names.
> 
> CVE-2006-0600
> 
>     An attacker could be driven into infinite redirection with a crafted
>     "fail" request, which has denial of service potential.
> 
> The old stable distribution (woody) does not contain elog packages.
> 
> For the stable distribution (sarge) these problems have been fixed in
> version 2.5.7+r1558-4+sarge2.
> 
> For the unstable distribution (sid) these problems have been fixed in
> version 2.6.1+r1642-1.
> 
> We recommend that you upgrade your elog package.
> 
> 
> Upgrade Instructions
> - --------------------
> 
> wget url
>         will fetch the file for you
> dpkg -i file.deb
>         will install the referenced file.
> 
> If you are using the apt-get package manager, use the line for
> sources.list as given below:
> 
> apt-get update
>         will update the internal database
> apt-get upgrade
>         will install corrected packages
> 
> You may use an automated update by adding the resources from the
> footer to the proper configuration.
> 
> Debian GNU/Linux 3.1 alias sarge
> - --------------------------------
> 
>   Source archives:
> 
>     http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-
> 4+sarge2.dsc
>       Size/MD5 checksum:      581 ed02ecef4eb70c7344532b1a75f893bc
>     http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-
> 4+sarge2.diff.gz
>       Size/MD5 checksum:    21652 ab45bff97bf2e7c42cd5ccca5a80103e
> 
> http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558.orig.
> tar.gz
>       Size/MD5 checksum:   538216 e05c9fdaa02692ce20c70a5fd2748fe3
> 
>   Alpha architecture:
> 
>     http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-
> 4+sarge2_alpha.deb
>       Size/MD5 checksum:   555270 5cb3aba4fc1303a65984aab4acaf32da
> 
>   AMD64 architecture:
> 
>     http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-
> 4+sarge2_amd64.deb
>       Size/MD5 checksum:   511706 5e41b71ee6f3a42d5e7ac033b436c059
> 
>   ARM architecture:
> 
>     http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-
> 4+sarge2_arm.deb
>       Size/MD5 checksum:   516094 95f2c045af860501a8e8bad54d0f6958
> 
>   Intel IA-32 architecture:
> 
>     http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-
> 4+sarge2_i386.deb
>       Size/MD5 checksum:   513918 0dfe3628e07c5cea6f2609683104dbab
> 
>   Intel IA-64 architecture:
> 
>     http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-
> 4+sarge2_ia64.deb
>       Size/MD5 checksum:   597254 7f83bb7006849edf56411255e0b55e5f
> 
>   HP Precision architecture:
> 
>     http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-
> 4+sarge2_hppa.deb
>       Size/MD5 checksum:   543576 a09646d99c692e210164fb4a7f58c05a
> 
>   Motorola 680x0 architecture:
> 
>     http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-
> 4+sarge2_m68k.deb
>       Size/MD5 checksum:   482016 b92bbd85b3d1041cbf403070e4aa43c7
> 
>   Big endian MIPS architecture:
> 
>     http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-
> 4+sarge2_mips.deb
>       Size/MD5 checksum:   521234 33f7d96179fa0b4bd7cd314a33c54e31
> 
>   Little endian MIPS architecture:
> 
>     http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-
> 4+sarge2_mipsel.deb
>       Size/MD5 checksum:   524336 b30ef21a7a9a958839569cf548fffebb
> 
>   PowerPC architecture:
> 
>     http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-
> 4+sarge2_powerpc.deb
>       Size/MD5 checksum:   523540 823e5cb99e854a5ba0264259d7116deb
> 
>   IBM S/390 architecture:
> 
>     http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-
> 4+sarge2_s390.deb
>       Size/MD5 checksum:   514274 01f3ebd90422c9d94c109f60921c2634
> 
>   Sun Sparc architecture:
> 
>     http://security.debian.org/pool/updates/main/e/elog/elog_2.5.7+r1558-
> 4+sarge2_sparc.deb
>       Size/MD5 checksum:   518960 661427182cad6ca5a08663ffa505e4ef
> 
> 
>   These files will probably be moved into the stable distribution on
>   its next update.
> 
> - ------------------------------------------------------------------------
> ---------
> For apt-get: deb http://security.debian.org/ stable/updates main
> For dpkg-ftp: ftp://security.debian.org/debian-security
> dists/stable/updates/main
> Mailing list: debian-security-announce@lists.debian.org
> Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.2 (GNU/Linux)
> 
> iD8DBQFD7CzpW5ql+IAeqTIRAr7cAJwKu86gvdgW5UzWatM+8+EDiiSMdwCgnT2b
> ttGvVBTdC3n7VV+RsftANhg=
> =aKZq
> -----END PGP SIGNATURE-----
> 
> 
> --
> To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
>
Reply to:
Prev by Date: subscribe
Next by Date: problem with unsubscribe
Previous by thread: Re: neighbour
Next by thread: problem with unsubscribe
Index(es):
- Date
- Thread