Your message dated Thu, 17 Apr 2008 14:47:03 +0000 with message-id <[EMAIL PROTECTED]> and subject line Bug#475227: fixed in audit 1.5.3-2+lenny1 has caused the Debian Bug report #475227, regarding auditd: CVE-2008-1628 buffer overflow in audit_log_user_command function might lead to code execution to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 475227: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475227 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems
--- Begin Message ---Package: auditd Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for auditd. CVE-2008-1628[0]: | Stack-based buffer overflow in the audit_log_user_command function in | lib/audit_logging.c in Linux Audit before 1.7 might allow remote | attackers to execute arbitrary code via a long command argument. | NOTE: some of these details are obtained from third party information. In the audit_log_user_command function the command line passed to the kernel for example if the command is used via sudo is copied via strcpy into a buffer without any bounds checking and leads to stack corruption. Patch: --- audit_logging.c 2007-04-09 23:50:01.000000000 +0200 +++ audit_logging.c.new 2008-04-09 19:35:21.000000000 +0200 @@ -607,7 +607,11 @@ } p = cmd; - strcpy(commname, cmd); + if (len >= PATH_MAX) { + cmd[PATH_MAX] = 0; + len = PATH_MAX-1; + } + while (*p) { if (*p == '"' || *p < 0x21 || (unsigned)*p > 0x7f) { _audit_c2x(commname, cmd, len); If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1628 http://security-tracker.debian.net/tracker/CVE-2008-1628 -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgp9MR4VXc1lM.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---Source: audit Source-Version: 1.5.3-2+lenny1 We believe that the bug you reported is fixed in the latest version of audit, which is due to be installed in the Debian FTP archive: audit_1.5.3-2+lenny1.diff.gz to pool/main/a/audit/audit_1.5.3-2+lenny1.diff.gz audit_1.5.3-2+lenny1.dsc to pool/main/a/audit/audit_1.5.3-2+lenny1.dsc auditd_1.5.3-2+lenny1_amd64.deb to pool/main/a/audit/auditd_1.5.3-2+lenny1_amd64.deb libaudit-dev_1.5.3-2+lenny1_amd64.deb to pool/main/a/audit/libaudit-dev_1.5.3-2+lenny1_amd64.deb libaudit0_1.5.3-2+lenny1_amd64.deb to pool/main/a/audit/libaudit0_1.5.3-2+lenny1_amd64.deb python-audit_1.5.3-2+lenny1_amd64.deb to pool/main/a/audit/python-audit_1.5.3-2+lenny1_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Nico Golde <[EMAIL PROTECTED]> (supplier of updated audit package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Thu, 10 Apr 2008 15:06:25 +0200 Source: audit Binary: auditd libaudit0 libaudit-dev python-audit Architecture: source amd64 Version: 1.5.3-2+lenny1 Distribution: testing-security Urgency: high Maintainer: Philipp Matthias Hahn <[EMAIL PROTECTED]> Changed-By: Nico Golde <[EMAIL PROTECTED]> Description: auditd - User space tools for security auditing libaudit-dev - Header files and static library for security auditing libaudit0 - Dynamic library for security auditing python-audit - Python bindings for security auditing Closes: 475227 Changes: audit (1.5.3-2+lenny1) testing-security; urgency=high . * Non-maintainer upload by the Security Team. * Added CVE-2008-1628.patch to fix a stack-based buffer overflow in the audit_log_user_command function which can be triggered via a command argument that is passed to that function and might lead to execution of arbitrary code (Closes: #475227). Files: 130bb5a49ced5762b58a45a89cc39aea 808 libs extra audit_1.5.3-2+lenny1.dsc e94acafeb5fe8cf581b013ee5f02d95c 293566 libs extra audit_1.5.3.orig.tar.gz 9bdf1947af741730452464f3a90e02f1 6414 libs extra audit_1.5.3-2+lenny1.diff.gz aadb3085520ab06278c17ca200c4e8f7 230592 admin extra auditd_1.5.3-2+lenny1_amd64.deb e73fa310bd3ae988dd28762010548081 52844 libs extra libaudit0_1.5.3-2+lenny1_amd64.deb a83e25888b2222e7ea47215499b6c786 93728 libdevel extra libaudit-dev_1.5.3-2+lenny1_amd64.deb 2acd5ff055d84adf018e4014981fd104 58084 python extra python-audit_1.5.3-2+lenny1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFIBmfyHYflSXNkfP8RAuwDAJ9jcY080nzcGFgfEAVWcPvDPHXPTwCgr1eM wy0425rdOZf3P5wEQRGQP/4= =BzcS -----END PGP SIGNATURE-----
--- End Message ---

