Bug#323482: marked as done (osh: Stack-based Buffer Overflow)

Debian Bug Tracking System Fri, 02 Sep 2005 07:09:27 -0700

Your message dated Fri, 2 Sep 2005 09:52:06 -0400
with message-id <[EMAIL PROTECTED]>
and subject line closing fixed bug
has caused the attached Bug report to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 16 Aug 2005 23:17:05 +0000
>From [EMAIL PROTECTED] Tue Aug 16 16:17:05 2005
Return-path: <[EMAIL PROTECTED]>
Received: from 24-180-36-132.static.reno.nv.charter.com (bokeoa.com) 
[24.180.36.132] 
        by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
        id 1E5Ag5-0005DW-00; Tue, 16 Aug 2005 16:17:05 -0700
Received: by bokeoa.com (Postfix, from userid 1000)
        id BD34232A0A; Tue, 16 Aug 2005 16:16:52 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Charles Stevenson <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: osh: Stack-based Buffer Overflow
X-Mailer: reportbug 3.15
Date: Tue, 16 Aug 2005 16:16:52 -0700
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02

Package: osh
Version: 1.7-13
Severity: critical
Tags: security
Justification: root security hole


http://lists.grok.org.uk/pipermail/full-disclosure/2005-August/036123.html

Fully functional exploit works on debian and ubuntu:

http://bokeoa.com/~core/x_osh2.pl

Kind Regards,
Charlie

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.11.5
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages osh depends on:
ii  libc6                       2.3.2.ds1-22 GNU C Library: Shared libraries an
ii  libncurses5                 5.4-9        Shared libraries for terminal hand
ii  logrotate                   3.7-5        Log rotation utility

osh recommends no packages.

-- no debconf information

---------------------------------------
Received: (at 323424-done) by bugs.debian.org; 2 Sep 2005 13:52:05 +0000
>From [EMAIL PROTECTED] Fri Sep 02 06:52:05 2005
Return-path: <[EMAIL PROTECTED]>
Received: from kitenet.net [64.62.161.42] (postfix)
        by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
        id 1EBBxd-00012v-00; Fri, 02 Sep 2005 06:52:05 -0700
Received: from dragon.kitenet.net (va-65-173-90-83.sta.sprint-hsd.net 
[65.173.90.83])
        (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
        (Client CN "Joey Hess", Issuer "Joey Hess" (verified OK))
        by kitenet.net (Postfix) with ESMTP id 6E96E18562
        for <[EMAIL PROTECTED]>; Fri,  2 Sep 2005 13:52:05 +0000 (GMT)
Received: by dragon.kitenet.net (Postfix, from userid 1000)
        id A0104BF21F; Fri,  2 Sep 2005 09:52:06 -0400 (EDT)
Date: Fri, 2 Sep 2005 09:52:06 -0400
From: Joey Hess <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: closing fixed bug
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
        protocol="application/pgp-signature"; boundary="Qxx1br4bt0+wmkIi"
Content-Disposition: inline
User-Agent: Mutt/1.5.10i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no 
        version=2.60-bugs.debian.org_2005_01_02


--Qxx1br4bt0+wmkIi
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Version: 1.7-14

Please CLOSE fixed security issues so that the RC bugs filed on them do
not sit around open and keep them from reaching testing. Thank you.

--=20
see shy jo

--Qxx1br4bt0+wmkIi
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDGFkFd8HHehbQuO8RAmCrAKDiB61DBMEinYguvR4VCauAPZAHUwCgplj1
LEQ3Nj02PdCnz95Bmor1mZI=
=bP97
-----END PGP SIGNATURE-----

--Qxx1br4bt0+wmkIi--


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#323482: marked as done (osh: Stack-based Buffer Overflow)

Reply via email to