Your message dated Tue, 14 Apr 2015 18:05:39 +0200
with message-id <[email protected]>
and subject line Re: Bug#782563: unblock: ppp/2.4.6-3.1
has caused the Debian Bug report #782563,
regarding unblock: ppp/2.4.6-3.1
to be marked as done.
--
782563: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782563
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
User: [email protected]
Usertags: unblock
Please unblock ppp/2.4.6-3.1. It fixes a DoS vulnerability in the pppd
radius plugin.
Thanks,
ema
diff -Nru ppp-2.4.6/debian/changelog ppp-2.4.6/debian/changelog
--- ppp-2.4.6/debian/changelog 2014-10-19 11:56:12.000000000 +0200
+++ ppp-2.4.6/debian/changelog 2015-04-14 08:29:42.000000000 +0200
@@ -1,3 +1,16 @@
+ppp (2.4.6-3.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Urgency high due to fix for DoS vulnerability.
+ * Fix buffer overflow in rc_mksid().
+ The function converts the PID of pppd to hex to generate a pseudo-unique
+ string. If the process id is bigger than 65535 (FFFF), its hex
+ representation will be longer than 4 characters, resulting in a buffer
+ overflow. This bug can be exploited to cause a remote DoS.
+ (Closes: #782450)
+
+ -- Emanuele Rocca <[email protected]> Tue, 14 Apr 2015 08:18:06 +0200
+
ppp (2.4.6-3) unstable; urgency=high
* Urgency high due to fix for CVE-2014-3158.
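Review bot: The new 2.4.6-3.1 entry explains the cause of the overflow in rc_mksid() but not how it is fixed or which patch carries the fix. Naming debian/patches/rc_mksid-no-buffer-overflow in the "Fix buffer overflow in rc_mksid()" item, and noting that the PID is now reduced before formatting, would let a reader of the changelog find the change without opening the diff.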
diff -Nru ppp-2.4.6/debian/patches/rc_mksid-no-buffer-overflow
ppp-2.4.6/debian/patches/rc_mksid-no-buffer-overflow
--- ppp-2.4.6/debian/patches/rc_mksid-no-buffer-overflow 1970-01-01
01:00:00.000000000 +0100
+++ ppp-2.4.6/debian/patches/rc_mksid-no-buffer-overflow 2015-04-14
08:27:53.000000000 +0200
@@ -0,0 +1,23 @@
+Description: Fix buffer overflow in rc_mksid()
+ rc_mksid converts the PID of pppd to hex to generate a pseudo-unique string.
+ .
+ If the process id is bigger than 65535 (FFFF), its hex representation will be
+ longer than 4 characters, resulting in a buffer overflow.
+ .
+ The bug can be exploited to cause a remote DoS.
+ .
+Author: Emanuele Rocca <[email protected]>
+Bug-Debian: https://bugs.debian.org/782450
+Last-Update: <2015-04-14>
+
+--- ppp-2.4.6.orig/pppd/plugins/radius/util.c
++++ ppp-2.4.6/pppd/plugins/radius/util.c
+@@ -77,7 +77,7 @@ rc_mksid (void)
+ static unsigned short int cnt = 0;
+ sprintf (buf, "%08lX%04X%02hX",
+ (unsigned long int) time (NULL),
+- (unsigned int) getpid (),
++ (unsigned int) getpid () % 65535,
+ cnt & 0xFF);
+ cnt++;
+ return buf;
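Review bot: The sprintf call in rc_mksid() is still unbounded after this change; only the argument for %04X is capped. The widths in "%08lX%04X%02hX" are minimums, not limits, so the %08lX field fed by (unsigned long int) time (NULL) will print more than 8 digits wherever unsigned long is wider than 32 bits and the value exceeds 0xFFFFFFFF. Using snprintf with the size of buf (its declaration is outside this hunk), or masking every argument to its field width, would close the whole class rather than this one field. On the changed line itself, "% 65535" never produces 0xFFFF and folds PIDs that differ by 65535 onto the same value; "& 0xFFFF" keeps the low 16 bits and matches the "cnt & 0xFF" style on the following line. Separately, in the patch header, "Last-Update: <2015-04-14>" should carry a plain YYYY-MM-DD date without the angle brackets.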
diff -Nru ppp-2.4.6/debian/patches/series ppp-2.4.6/debian/patches/series
--- ppp-2.4.6/debian/patches/series 2014-10-19 11:49:55.000000000 +0200
+++ ppp-2.4.6/debian/patches/series 2015-04-14 08:17:39.000000000 +0200
@@ -43,3 +43,4 @@
resolv.conf_no_log
zzz_config
secure-card-interpreter-fix
+rc_mksid-no-buffer-overflow
--- End Message ---
--- Begin Message ---
Hi,
On Tue, Apr 14, 2015 at 05:55:13PM +0200, Cyril Brulebois wrote:
> > On Tue, Apr 14, 2015 at 11:18:34AM +0200, Emanuele Rocca wrote:
> > > Please unblock ppp/2.4.6-3.1. It fixes a DoS vulnerability in the pppd
> > > radius plugin.
> >
> > This needs a d-i ack (Cc'ed kibi, diff quoted below).
>
> Fun… no objections, thanks.
OK, add unblock and unblock-udeb.
Cheers,
Ivo
--- End Message ---