Your message dated Sun, 19 Apr 2015 15:19:49 +0000
with message-id <[email protected]>
and subject line Bug#782450: fixed in ppp 2.4.5-4+deb6u2
has caused the Debian Bug report #782450,
regarding ppp: CVE-2015-3310: Buffer overflow in radius plugin
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
782450: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782450
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ppp
Version: 2.4.6-3
Severity: important
Tags: patch

On systems with more than 65535 processes running, pppd aborts when
sending a "start" accounting message to the RADIUS server because of a
buffer overflow in rc_mksid.

The process id is used in rc_mksid to generate a pseudo-unique string,
assuming that the hex representation of the pid will be at most 4
characters (FFFF). __sprintf_chk(), used when compiling with
optimization levels greater than 0 and FORTIFY_SOURCE, detects the
buffer overflow and makes pppd crash.

The following patch fixes the problem.

--- ppp-2.4.6.orig/pppd/plugins/radius/util.c
+++ ppp-2.4.6/pppd/plugins/radius/util.c
@@ -77,7 +77,7 @@ rc_mksid (void)
   static unsigned short int cnt = 0;
   sprintf (buf, "%08lX%04X%02hX",
           (unsigned long int) time (NULL),
-          (unsigned int) getpid (),
+          (unsigned int) getpid () % 65535,
           cnt & 0xFF);
   cnt++;
   return buf;


-- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages ppp depends on:
ii  init-system-helpers  1.22
ii  libc6                2.19-17
ii  libpam-modules       1.1.8-3.1
ii  libpam-runtime       1.1.8-3.1
ii  libpam0g             1.1.8-3.1
ii  libpcap0.8           1.6.2-2
ii  procps               2:3.3.9-9

--- End Message ---
--- Begin Message ---
Source: ppp
Source-Version: 2.4.5-4+deb6u2

We believe that the bug you reported is fixed in the latest version of
ppp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thorsten Alteholz <[email protected]> (supplier of updated ppp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 19 Apr 2015 16:00:47 +0200
Source: ppp
Binary: ppp ppp-udeb ppp-dev
Architecture: source i386 all
Version: 2.4.5-4+deb6u2
Distribution: squeeze-lts
Urgency: high
Maintainer: Marco d'Itri <[email protected]>
Changed-By: Thorsten Alteholz <[email protected]>
Description: 
 ppp        - Point-to-Point Protocol (PPP) - daemon
 ppp-dev    - Point-to-Point Protocol (PPP) - development files
 ppp-udeb   - Point-to-Point Protocol (PPP) - package for Debian Installer 
(udeb)
Closes: 782450
Changes: 
 ppp (2.4.5-4+deb6u2) squeeze-lts; urgency=high
 .
   * Non-maintainer upload by the Squeeze LTS Team.
   * Fix CVE-2015-3310: buffer overflow which may lead to DoS (Closes: #782450).
     (thanks to Emanuele Rocca for the patch).
Checksums-Sha1: 
 33d28ab19c5b260a52b5887ba831f327de180c95 1765 ppp_2.4.5-4+deb6u2.dsc
 cb977b31584e3488e08a643aaa672fdb229d2e78 684342 ppp_2.4.5.orig.tar.gz
 263138f23fd1ad778604e53dcd12dfa696886628 98377 ppp_2.4.5-4+deb6u2.diff.gz
 3bcbcbdd7e95ddd44fe4f663fb18089f90da91bb 351422 ppp_2.4.5-4+deb6u2_i386.deb
 9ef823345ef638a99ce0581811197ef0dd30eb5b 117154 
ppp-udeb_2.4.5-4+deb6u2_i386.udeb
 f32c7f00d8a5ec7f8a6d03e097ac21a4325eab17 57360 ppp-dev_2.4.5-4+deb6u2_all.deb
Checksums-Sha256: 
 97751146fbc2e8a447ec456e5e64cfdaef787672370869dcf006c212ab969931 1765 
ppp_2.4.5-4+deb6u2.dsc
 43317afec9299f9920b96f840414c977f0385410202d48e56d2fdb8230003505 684342 
ppp_2.4.5.orig.tar.gz
 821c9178d0c9e0d67d452b786cbf365d63237262b23d8cab51fd0eb9a1ef5ee9 98377 
ppp_2.4.5-4+deb6u2.diff.gz
 8a9e8f9b54c1588a882b7b3b4a93f7929f796ea56456e413f5e869487dfb864f 351422 
ppp_2.4.5-4+deb6u2_i386.deb
 d75e8b373e662874c2b6c5ac83f689d09df39e03b2605c1f10670ebfa23d927f 117154 
ppp-udeb_2.4.5-4+deb6u2_i386.udeb
 681efe1a7b1680ae501577b91a4d5c58c8fc913bfee03949c2ec0e71f4b602e6 57360 
ppp-dev_2.4.5-4+deb6u2_all.deb
Files: 
 ae5f111f77d822582bbe4cf179f7134e 1765 admin optional ppp_2.4.5-4+deb6u2.dsc
 4621bc56167b6953ec4071043fe0ec57 684342 admin optional ppp_2.4.5.orig.tar.gz
 747a78dd7e4f17ddfabe555ffa335849 98377 admin optional 
ppp_2.4.5-4+deb6u2.diff.gz
 ea5854906186f06fdb50a21c5d68dda4 351422 admin optional 
ppp_2.4.5-4+deb6u2_i386.deb
 f21f2762bcdf12ba2db42405d2ae1d34 117154 debian-installer optional 
ppp-udeb_2.4.5-4+deb6u2_i386.udeb
 cd0e19ba39e698258a995b3373c6211e 57360 devel extra 
ppp-dev_2.4.5-4+deb6u2_all.deb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQJ8BAEBCgBmBQJVM8MGXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHirEQAKiFQb+fih1FOLQJUVV8Hpmv
gV2qPw2grtcpr3Em6PECcLkCaBewpudiLpDWbY9xrOkLTJUCkBYeBRaAzDi4DrXR
C3MfiIXeGZd/u9PGA/GJj3JfUpn4qPZXkA+rjLBke2eD6M1xQq1q+LbARStAu2Hh
YwWwzWUhAQ0icBHv+AXTyBwPUOhHUPqAn3iK4bQJkOY4WhT3dNob8GHRLTxvBd8C
XVaY8nvhOSb/Mooj6dwz94xRJwmvJHaW6R2G2qV1qTwHMR1+ux3H9rxirFZh/v0I
i+4LMUthmyCew4SJEG0H42XyKryTvDA6iMrAedQDrStMSzHVwixhEYUQJGYRbBCk
7giCd+lNka+O5A93XfxAN9jLoZhC2RnEIvP1gdPls5DHvK55MrluZJEcjL3P1Eim
FND1+oT7h50Gq0JswJ0VYkIptPm/n2UPtSv3l8WHSVExX2i0MUUqS0gRatjRswhD
w3qIOAHYU3nZcSJyN3OGtPE2OKmvrNMIVuebRKZBK5/uqJFNutdFXmhAM5uanBge
aHe3x12ADDFAyKsTlYHGZ6gIY0J/sKhhwOzgo4WTZFU/I0vVrY1OgEgMZbdQQL66
uDs8xf+gOu4vECVxZrbfFPbhbxir27jtebB6xMktLsJuIXEzUy0LxhJo9cUCVvGQ
pMDrBm0DV3c3OmeZXE0r
=skXJ
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to