Your message dated Sun, 03 Jul 2005 03:02:10 -0400
with message-id <[EMAIL PROTECTED]>
and subject line Bug#315065: fixed in heimdal 0.6.3-11
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: Remotely exploitable buffer overflow in getterminaltype function
X-Mailer: reportbug 2.26.1.1.200308291454
Date: Mon, 20 Jun 2005 13:26:00 +0200
Package: heimdal
Severity: grave
Tags: security patch
Heimdal contains a remotely exploitable buffer overflow in the getterminaltype()
function. This has been fixed in the new upstream versions 0.6.5 and 0.7.0.
URL: http://www.pdc.kth.se/heimdal/advisory/2005-06-20/
I've extracted the security relevant fix from the 0.6.4->0.6.5 patch. If you are
planning more extensive changes for packaging 0.7 it might be a good idea to
release a fixed package for the 0.6 branch before that.
Cheers,
Moritz
-- System Information:
Debian Release: 3.0
Architecture: i386
Kernel: Linux anton 2.4.30-univention.2 #1 SMP Thu May 12 13:53:52 CEST 2005 i686
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED]
Content-Disposition: attachment;
filename="./heimdal-getterminaltype-sarge.diff"
diff -Naur heimdal-0.6.3.orig/debian/patches/033_getterminaltype_overflow
heimdal-0.6.3/debian/patches/033_getterminaltype_overflow
--- heimdal-0.6.3.orig/debian/patches/033_getterminaltype_overflow Thu Jan
1 01:00:00 1970
+++ heimdal-0.6.3/debian/patches/033_getterminaltype_overflow Mon Jun 20
12:49:40 2005
@@ -0,0 +1,81 @@
+--- heimdal-0.6.4/appl/telnet/telnetd/ext.h Mon Apr 18 22:53:17 2005
++++ heimdal-0.6.3/appl/telnet/telnetd/ext.h Tue Jun 14 16:27:23 2005
+@@ -57,7 +57,7 @@
+
+ extern slcfun slctab[NSLC + 1]; /* slc mapping table */
+
+-extern char *terminaltype;
++extern char terminaltype[41];
+
+ /*
+ * I/O data buffers, pointers, and counters.
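Review bot: The size in 'extern char terminaltype[41];' is a bare literal that has to be repeated by hand in the global.c definition, so the declaration and the definition must be kept in sync manually. Define the size once in ext.h under a named constant (for example TERMINALTYPE_LEN, a suggested name), use it in both places, and add a comment that it covers 40 name characters plus the terminating NUL, which is what the 'sizeof terminaltype-1' bound in state.c assumes.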
+diff -Naur heimdal-0.6.4/appl/telnet/telnetd/global.c
heimdal-0.6.5/appl/telnet/telnetd/global.c
+--- heimdal-0.6.4/appl/telnet/telnetd/global.c Mon Apr 18 22:53:17 2005
++++ heimdal-0.6.3/appl/telnet/telnetd/global.c Tue Jun 14 16:27:23 2005
+@@ -54,7 +54,7 @@
+
+ slcfun slctab[NSLC + 1]; /* slc mapping table */
+
+-char *terminaltype;
++char terminaltype[41];
+
+ /*
+ * I/O data buffers, pointers, and counters.
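Review bot: The file headers above this hunk name three different trees: the 'diff -Naur' line says heimdal-0.6.4 to heimdal-0.6.5, the '---' line says heimdal-0.6.4 and the '+++' line says heimdal-0.6.3. The patch still applies once the first path component is stripped, but the mix makes it hard to tell which source version it was generated against. Regenerate it against the 0.6.3 tree so both sides of each header name the same version, and put a short description at the top of 033_getterminaltype_overflow saying where the fix was extracted from.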
+diff -Naur heimdal-0.6.4/appl/telnet/telnetd/state.c
heimdal-0.6.5/appl/telnet/telnetd/state.c
+--- heimdal-0.6.4/appl/telnet/telnetd/state.c Mon Apr 18 22:53:17 2005
++++ heimdal-0.6.3/appl/telnet/telnetd/state.c Tue Jun 14 16:27:23 2005
+@@ -939,7 +939,7 @@
+ } /* end of case TELOPT_TSPEED */
+
+ case TELOPT_TTYPE: { /* Yaaaay! */
+- static char terminalname[41];
++ char *p;
+
+ if (his_state_is_wont(TELOPT_TTYPE)) /* Ignore if option disabled */
+ break;
+@@ -949,9 +949,9 @@
+ return; /* ??? XXX but, this is the most robust */
+ }
+
+- terminaltype = terminalname;
++ p = terminaltype;
+
+- while ((terminaltype < (terminalname + sizeof terminalname-1)) &&
++ while ((p < (terminaltype + sizeof terminaltype-1)) &&
+ !SB_EOF()) {
+ int c;
+
+@@ -959,10 +959,9 @@
+ if (isupper(c)) {
+ c = tolower(c);
+ }
+- *terminaltype++ = c; /* accumulate name */
++ *p++ = c; /* accumulate name */
+ }
+- *terminaltype = 0;
+- terminaltype = terminalname;
++ *p = 0;
+ break;
+ } /* end of case TELOPT_TTYPE */
+
+diff -Naur heimdal-0.6.4/appl/telnet/telnetd/telnetd.c
heimdal-0.6.5/appl/telnet/telnetd/telnetd.c
+--- heimdal-0.6.4/appl/telnet/telnetd/telnetd.c Mon Apr 18 22:53:18 2005
++++ heimdal-0.6.3/appl/telnet/telnetd/telnetd.c Tue Jun 14 16:27:23 2005
+@@ -636,7 +636,7 @@
+ */
+ _gettermname();
+ if (strncmp(first, terminaltype, sizeof(first)) != 0)
+- strcpy(terminaltype, first);
++ strlcpy(terminaltype, first, sizeof(terminaltype));
+ break;
+ }
+ }
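Review bot: The return value of 'strlcpy(terminaltype, first, sizeof(terminaltype));' is discarded, so a value of first that is longer than the destination is truncated silently, and the truncated name is what later reaches TERM. The declaration of first is outside this hunk; if it can hold more than sizeof(terminaltype) - 1 characters, compare the return value against sizeof(terminaltype) and either log the truncation or fall back to the default name. The strncmp on the line above is bounded by sizeof(first) rather than by the destination size, which deserves a comment saying the difference is intentional.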
+@@ -752,7 +752,7 @@
+ */
+ *user_name = 0;
+ level = getterminaltype(user_name, sizeof(user_name));
+- esetenv("TERM", terminaltype ? terminaltype : "network", 1);
++ esetenv("TERM", terminaltype[0] ? terminaltype : "network", 1);
+
+ #ifdef _SC_CRAY_SECURE_SYS
+ if (secflag) {
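Review bot: The new test 'terminaltype[0] ? terminaltype : "network"' changes behaviour for a peer that negotiates an empty terminal name. With the pointer version, the TTYPE handler in state.c left terminaltype non-NULL and pointing at an empty string, so TERM was set to the empty string; with the array version TERM becomes "network". That is probably the better outcome, but it should be stated in the patch description. The test also relies on the global array being zero-initialised when no TTYPE subnegotiation has arrived, which is worth a one-line comment at the definition in global.c.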
---------------------------------------
From: Brian May <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#315065: fixed in heimdal 0.6.3-11
Date: Sun, 03 Jul 2005 03:02:10 -0400
Source: heimdal
Source-Version: 0.6.3-11
We believe that the bug you reported is fixed in the latest version of
heimdal, which is due to be installed in the Debian FTP archive:
heimdal-clients-x_0.6.3-11_i386.deb
to pool/main/h/heimdal/heimdal-clients-x_0.6.3-11_i386.deb
heimdal-clients_0.6.3-11_i386.deb
to pool/main/h/heimdal/heimdal-clients_0.6.3-11_i386.deb
heimdal-dev_0.6.3-11_i386.deb
to pool/main/h/heimdal/heimdal-dev_0.6.3-11_i386.deb
heimdal-docs_0.6.3-11_all.deb
to pool/main/h/heimdal/heimdal-docs_0.6.3-11_all.deb
heimdal-kdc_0.6.3-11_i386.deb
to pool/main/h/heimdal/heimdal-kdc_0.6.3-11_i386.deb
heimdal-servers-x_0.6.3-11_i386.deb
to pool/main/h/heimdal/heimdal-servers-x_0.6.3-11_i386.deb
heimdal-servers_0.6.3-11_i386.deb
to pool/main/h/heimdal/heimdal-servers_0.6.3-11_i386.deb
heimdal_0.6.3-11.diff.gz
to pool/main/h/heimdal/heimdal_0.6.3-11.diff.gz
heimdal_0.6.3-11.dsc
to pool/main/h/heimdal/heimdal_0.6.3-11.dsc
libasn1-6-heimdal_0.6.3-11_i386.deb
to pool/main/h/heimdal/libasn1-6-heimdal_0.6.3-11_i386.deb
libgssapi1-heimdal_0.6.3-11_i386.deb
to pool/main/h/heimdal/libgssapi1-heimdal_0.6.3-11_i386.deb
libhdb7-heimdal_0.6.3-11_i386.deb
to pool/main/h/heimdal/libhdb7-heimdal_0.6.3-11_i386.deb
libkadm5clnt4-heimdal_0.6.3-11_i386.deb
to pool/main/h/heimdal/libkadm5clnt4-heimdal_0.6.3-11_i386.deb
libkadm5srv7-heimdal_0.6.3-11_i386.deb
to pool/main/h/heimdal/libkadm5srv7-heimdal_0.6.3-11_i386.deb
libkafs0-heimdal_0.6.3-11_i386.deb
to pool/main/h/heimdal/libkafs0-heimdal_0.6.3-11_i386.deb
libkrb5-17-heimdal_0.6.3-11_i386.deb
to pool/main/h/heimdal/libkrb5-17-heimdal_0.6.3-11_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Brian May <[EMAIL PROTECTED]> (supplier of updated heimdal package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
Format: 1.7
Date: Sun, 3 Jul 2005 13:54:19 +1000
Source: heimdal
Binary: heimdal-servers-x heimdal-clients libkafs0-heimdal libkadm5srv7-heimdal
heimdal-kdc heimdal-servers libasn1-6-heimdal libkrb5-17-heimdal heimdal-dev
libkadm5clnt4-heimdal heimdal-docs heimdal-clients-x libgssapi1-heimdal
libhdb7-heimdal
Architecture: source i386 all
Version: 0.6.3-11
Distribution: unstable
Urgency: low
Maintainer: Brian May <[EMAIL PROTECTED]>
Changed-By: Brian May <[EMAIL PROTECTED]>
Description:
heimdal-clients - Clients for Heimdal Kerberos
heimdal-clients-x - X11 files for Heimdal Kerberos
heimdal-dev - Development files for Heimdal Kerberos
heimdal-docs - Documentation for Heimdal Kerberos
heimdal-kdc - KDC for Heimdal Kerberos
heimdal-servers - Servers for Heimdal Kerberos
heimdal-servers-x - X11 files for Heimdal Kerberos
libasn1-6-heimdal - Libraries for Heimdal Kerberos
libgssapi1-heimdal - Libraries for Heimdal Kerberos
libhdb7-heimdal - Libraries for Heimdal Kerberos
libkadm5clnt4-heimdal - Libraries for Heimdal Kerberos
libkadm5srv7-heimdal - Libraries for Heimdal Kerberos
libkafs0-heimdal - Libraries for Heimdal Kerberos
libkrb5-17-heimdal - Libraries for Heimdal Kerberos
Closes: 315065
Changes:
heimdal (0.6.3-11) unstable; urgency=low
.
* Apply patch to fix "Remotely exploitable buffer overflow in
getterminaltype function", reported in Secunia advisory SA15718 at
http://secunia.com/advisories/15718/. Closes: #315065.