Your message dated Fri, 17 Apr 2015 16:32:05 +0000
with message-id <[email protected]>
and subject line Bug#782450: fixed in ppp 2.4.5-5.1+deb7u2
has caused the Debian Bug report #782450,
regarding ppp: CVE-2015-3310: Buffer overflow in radius plugin
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
782450: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782450
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ppp
Version: 2.4.6-3
Severity: important
Tags: patch

On systems with more than 65535 processes running, pppd aborts when
sending a "start" accounting message to the RADIUS server because of a
buffer overflow in rc_mksid.

The process id is used in rc_mksid to generate a pseudo-unique string,
assuming that the hex representation of the pid will be at most 4
characters (FFFF). __sprintf_chk(), used when compiling with
optimization levels greater than 0 and FORTIFY_SOURCE, detects the
buffer overflow and makes pppd crash.

The following patch fixes the problem.

--- ppp-2.4.6.orig/pppd/plugins/radius/util.c
+++ ppp-2.4.6/pppd/plugins/radius/util.c
@@ -77,7 +77,7 @@ rc_mksid (void)
   static unsigned short int cnt = 0;
   sprintf (buf, "%08lX%04X%02hX",
           (unsigned long int) time (NULL),
-          (unsigned int) getpid (),
+          (unsigned int) getpid () % 65535,
           cnt & 0xFF);
   cnt++;
   return buf;


-- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages ppp depends on:
ii  init-system-helpers  1.22
ii  libc6                2.19-17
ii  libpam-modules       1.1.8-3.1
ii  libpam-runtime       1.1.8-3.1
ii  libpam0g             1.1.8-3.1
ii  libpcap0.8           1.6.2-2
ii  procps               2:3.3.9-9

--- End Message ---
--- Begin Message ---
Source: ppp
Source-Version: 2.4.5-5.1+deb7u2

We believe that the bug you reported is fixed in the latest version of
ppp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Sebastien Delafond <[email protected]> (supplier of updated ppp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 16 Apr 2015 09:37:44 +0200
Source: ppp
Binary: ppp ppp-udeb ppp-dev
Architecture: source amd64 all
Version: 2.4.5-5.1+deb7u2
Distribution: wheezy-security
Urgency: medium
Maintainer: Marco d'Itri <[email protected]>
Changed-By: Sebastien Delafond <[email protected]>
Description: 
 ppp        - Point-to-Point Protocol (PPP) - daemon
 ppp-dev    - Point-to-Point Protocol (PPP) - development files
 ppp-udeb   - Point-to-Point Protocol (PPP) - package for Debian Installer 
(udeb)
Closes: 782450
Changes: 
 ppp (2.4.5-5.1+deb7u2) wheezy-security; urgency=medium
 .
   * Non-maintainer upload by the Security Team (thanks to Emanuele Rocca
     for the patch).
   * Fix CVE-2015-3310: buffer overflow which may lead to DoS (Closes:
     #782450).
Checksums-Sha1: 
 719ded51eb54e5fd05c7bb72bc59cba260ca7f54 1412 ppp_2.4.5-5.1+deb7u2.dsc
 36bb7fc982cf558ed20eb18cc11125f2fefe1b32 97247 ppp_2.4.5-5.1+deb7u2.diff.gz
 f2f47a3724305a2d37cf17cb912b5269198dd0f5 380948 ppp_2.4.5-5.1+deb7u2_amd64.deb
 8628f30f8f6bbfd6bf877d86c7e080e8db2a6647 112662 
ppp-udeb_2.4.5-5.1+deb7u2_amd64.udeb
 648a608f5ef20ff5034c7f03be17429ed71ab19f 57274 ppp-dev_2.4.5-5.1+deb7u2_all.deb
Checksums-Sha256: 
 a0dd2c8ae992b86fc1da8f966aa3d3955faaee57bb59accb1579c4fef7cbea9e 1412 
ppp_2.4.5-5.1+deb7u2.dsc
 6905ccb710a2cbf450d9e081b67ea6c9c39278c7e46e93d6f55b28da37077d95 97247 
ppp_2.4.5-5.1+deb7u2.diff.gz
 00439340d1c3bc46282fe212d1f1ca96c7d840e414d7f375cab3e941e33fa5d6 380948 
ppp_2.4.5-5.1+deb7u2_amd64.deb
 c2c4a637f7ec21385fa7921ae15119b925b9440f9dd7d0ea67b4c5ae7be70011 112662 
ppp-udeb_2.4.5-5.1+deb7u2_amd64.udeb
 0088ff5481d37aabfe5a83036edb54a97bafec8527fdcbb7a16240682d3c596c 57274 
ppp-dev_2.4.5-5.1+deb7u2_all.deb
Files: 
 b5c4ac00e57b3e324d2af0a6f2bf7b06 1412 admin optional ppp_2.4.5-5.1+deb7u2.dsc
 9b71b9c832424e9069a91f93dd47c69e 97247 admin optional 
ppp_2.4.5-5.1+deb7u2.diff.gz
 221dd3b7508ce77a087ab7c4e464e27d 380948 admin optional 
ppp_2.4.5-5.1+deb7u2_amd64.deb
 55e1aae061a80fd6fb8327a088925133 112662 debian-installer optional 
ppp-udeb_2.4.5-5.1+deb7u2_amd64.udeb
 c5bb6f22c6301a9504851fc7eb964527 57274 devel extra 
ppp-dev_2.4.5-5.1+deb7u2_all.deb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBCAAGBQJVL2eUAAoJEBC+iYPz1Z1khR8H/0JmVbhAer0GMZwrVi6uhT8+
Dt9FLjPNk9032KCh1+15HwnoaUhxUFdO6wMX7dB3D3mmsnN7ZLTuTcqIot9YgTi2
mQruFa2aKlA13Q/vX7AGhGaC5Y3uVZ30XaVYpWSsnS++XqWXhWc+Eh3sGZdJZSsD
nNONj+JjX0QUCNvifeNXISaWXiulXfTUJdXAF03d1ezLcyjNmXQrpmWCaqJeGMX5
vpRS8BoVx4ujEOou8PBfYYNazpZNFybMVGOQ14cSLiaDj+cNgMAtnPv9CMyKg1ET
WytPgwVUt9NC8ghXq6cB2hD1+gi9z4OZANFDjaOf3pnfrXPdbeDg3Tl7pHawjjs=
=cHka
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to