Your message dated Fri, 17 Feb 2006 10:47:13 -0800 with message-id <[EMAIL PROTECTED]> and subject line Bug#352910: fixed in oprofile 0.9.1-9 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database)
--- Begin Message ---Package: oprofile Severity: normal CVE-2006-0576 reads: Untrusted search path vulnerability in opcontrol in OProfile 0.9.1 and earlier allows local users to execute arbitrary commands via a modified PATH that references malicious (1) which or (2) dirname programs. NOTE: while opcontrol normally is not run setuid, a common configuration suggests accessing opcontrol using sudo. In such a context, this is a vulnerability. Giving sudo to oprofile is apparantly a very common practice. >From the original report: Whoever coded the script tried protecting it against executing binaries out of a safe PATH by defining one on line 1416: PATH=/usr/local/bin:/usr/local/sbin:/bin:/sbin:/usr/bin:/usr/sbin The problem is that this script does not check where the 'which' or 'dirname' binary is executed from on line 1413/1414. This enables a malicious user to execute arbitrary code by using the following pseudo'exploit': cat > which #!/bin/sh /bin/cp /bin/bash /tmp/backdoor /bin/chmod 6755 /tmp/backdoor ^C set PATH="." /usr/bin/sudo /usr/local/bin/opcontrol This is a relatively low severity vulnerability, but easily fixed. -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.15-1-686-smp Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
--- End Message ---
--- Begin Message ---Source: oprofile Source-Version: 0.9.1-9 We believe that the bug you reported is fixed in the latest version of oprofile, which is due to be installed in the Debian FTP archive: oprofile-common_0.9.1-9_i386.deb to pool/main/o/oprofile/oprofile-common_0.9.1-9_i386.deb oprofile-gui_0.9.1-9_i386.deb to pool/main/o/oprofile/oprofile-gui_0.9.1-9_i386.deb oprofile-source_0.9.1-9_i386.deb to pool/main/o/oprofile/oprofile-source_0.9.1-9_i386.deb oprofile_0.9.1-9.diff.gz to pool/main/o/oprofile/oprofile_0.9.1-9.diff.gz oprofile_0.9.1-9.dsc to pool/main/o/oprofile/oprofile_0.9.1-9.dsc oprofile_0.9.1-9_i386.deb to pool/main/o/oprofile/oprofile_0.9.1-9_i386.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Al Stone <[EMAIL PROTECTED]> (supplier of updated oprofile package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Fri, 17 Feb 2006 11:22:41 -0700 Source: oprofile Binary: oprofile-common oprofile oprofile-gui oprofile-source Architecture: source i386 Version: 0.9.1-9 Distribution: unstable Urgency: low Maintainer: Al Stone <[EMAIL PROTECTED]> Changed-By: Al Stone <[EMAIL PROTECTED]> Description: oprofile - system-wide profiler for Linux systems oprofile-common - system-wide profiler for Linux systems (command line components) oprofile-gui - system-wide profiler for Linux systems (GUI components) oprofile-source - Source for the OProfile driver Closes: 352910 Changes: oprofile (0.9.1-9) unstable; urgency=low . * Closes: bug#352910 -- CVE-2006-0576: Untrusted search path vulnerability in opcontrol (re-used patch from CVS HEAD) Files: 7bddc1ebdb61867f4ad6601d39a6da77 787 devel optional oprofile_0.9.1-9.dsc 822e869f229113ac639ee17f0eaf48a7 106206 devel optional oprofile_0.9.1-9.diff.gz b244e34676db8dcc704344a58648ba7b 182916 devel optional oprofile_0.9.1-9_i386.deb 84322859101c6f34371a0694658d6e6c 3894534 devel optional oprofile-common_0.9.1-9_i386.deb fd0ef7adb004cd23a0c32cf15dc2f607 88680 devel optional oprofile-gui_0.9.1-9_i386.deb f302e67e3d8b6dd0036171614637a201 342942 devel optional oprofile-source_0.9.1-9_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFD9hbSso6+T7qY4V0RApc5AJ40xUJ2LCcaoFoOXRwN9PjLpvDDoQCeKy+0 j+hpb2VmmyDdqveihUr0qhk= =bwj5 -----END PGP SIGNATURE-----
--- End Message ---

