Your message dated Sat, 22 Nov 2008 18:02:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#505271: fixed in shadow 1:4.1.1-6
has caused the Debian Bug report #505271,
regarding symlink attack in login leading to arbitrary file ownership
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
505271: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505271
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: login
Version: 1:4.0.18.1-7
Severity: normal

(I wanted to send this to  [EMAIL PROTECTED]  but that was not
accepted, surely because that is closed/archived.)

I found in my logs (I think first occurrence of such mis-behaviour):

Nov  8 05:50:09 rome in.telnetd[21060]: connect from [EMAIL PROTECTED] (129.78.69.145)
Nov  8 05:50:12 rome login[21062]: (pam_unix) session opened for user root by (uid=0)
Nov  8 05:50:12 rome login[21062]: can't stat(`/dev/smb/39'): errno 2
Nov  8 05:50:12 rome login[21062]: unable to determine TTY name, got /dev/smb/39

Surely that Samba device is wrong for a telnet session...

Hope this helps in tracking down the cause of this bug.

Cheers,

Paul Szabo   [EMAIL PROTECTED]   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia


-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.24-pk03.02-svr
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages login depends on:
ii  libc6                  2.3.6.ds1-13etch7 GNU C Library: Shared libraries
ii  libpam-modules         0.79-5            Pluggable Authentication Modules f
ii  libpam-runtime         0.79-5            Runtime support for the PAM librar
ii  libpam0g               0.79-5            Pluggable Authentication Modules l

login recommends no packages.

-- no debconf information



--- End Message ---
--- Begin Message ---
Source: shadow
Source-Version: 1:4.1.1-6

We believe that the bug you reported is fixed in the latest version of
shadow, which is due to be installed in the Debian FTP archive:

login_4.1.1-6_i386.deb
  to pool/main/s/shadow/login_4.1.1-6_i386.deb
passwd_4.1.1-6_i386.deb
  to pool/main/s/shadow/passwd_4.1.1-6_i386.deb
shadow_4.1.1-6.diff.gz
  to pool/main/s/shadow/shadow_4.1.1-6.diff.gz
shadow_4.1.1-6.dsc
  to pool/main/s/shadow/shadow_4.1.1-6.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nicolas FRANCOIS (Nekral) <[EMAIL PROTECTED]> (supplier of updated shadow package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 14 Nov 2008 21:52:42 +0100
Source: shadow
Binary: passwd login
Architecture: source i386
Version: 1:4.1.1-6
Distribution: unstable
Urgency: medium
Maintainer: Shadow package maintainers <[EMAIL PROTECTED]>
Changed-By: Nicolas FRANCOIS (Nekral) <[EMAIL PROTECTED]>
Description: 
 login      - system login tools
 passwd     - change and administer password and group data
Closes: 501353 501830 505271
Changes: 
 shadow (1:4.1.1-6) unstable; urgency=medium
 .
   * The "Rollot" release.
   * debian/patches/303_login_symlink_attack: Fix a race condition that could
     lead to gaining ownership or changing mode of arbitrary files.
     Closes: #505271
   * debian/patches/304_su.1_synopsis: Fix the su synopsis. username is
     referenced in the manpage, not LOGIN. Closes: #501830
   * debian/patches/305_login.1_japanese: Fix the path of the utmp and wtmp
     files. Closes: #501353

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkkoROkACgkQWgo5mup89a0lXwCfXfCwKBULRrrXfR6LafqG14Lw
0JcAnidFkWTmd8YgzUbpdXTqinbVDDKu
=t/G0
-----END PGP SIGNATURE-----



--- End Message ---
