Bug#510585: CVE-2008-5718: arbitrary command execution in papd in netatalk
tags 510585 + patch
thanks

Hi,

* Stefan Fritsch <s...@sfritsch.de> [2009-01-03 14:33]:
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for netatalk.
>
> CVE-2008-5718[0]:
> | The papd daemon in Netatalk before 2.0.4-beta2 allows remote attackers
> | to execute arbitrary commands via shell metacharacters in a print
> | request. NOTE: some of these details are obtained from third party
> | information.
[...]

Upstream fix:
http://netatalk.cvs.sourceforge.net/viewvc/netatalk/netatalk/etc/papd/lp.c?r1=1.16&r2=1.17&view=patch

I can confirm that an attacker can execute arbitrary code without this fix.
The output of the pixelate function is just put into popen without any
sanitization.

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
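The bug class Nico describes above (untrusted text spliced into a popen() command line) is shown below as an added C illustration. This is not netatalk's lp.c, not the output of its pixelate function, and not the upstream patch linked above; the function names, the lpr command line, the allowlist and the sample job name "report;id" are all assumptions made for the example. It contrasts the shell-interpreted form with a shell-free execvp() form that validates its input first.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <unistd.h>
#include <sys/wait.h>

/* Constructed sample of an attacker-controlled job name. In a real print
   request this string would arrive off the wire; it is NOT netatalk data. */
static const char SAMPLE_JOBNAME[] = "report;id";

/* Vulnerable pattern (hypothetical, not netatalk's code): untrusted text is
   formatted into a command line destined for popen(), i.e. for /bin/sh -c.
   The shell honours ; | & ` $( ) and friends, so "report;id" runs id with
   the daemon's privileges. Returns what snprintf returns. */
int build_shell_cmd_unsafe(char *buf, size_t size,
                           const char *printer, const char *jobname) {
    return snprintf(buf, size, "lpr -P %s -J %s", printer, jobname);
}

/* 1 if s is empty, starts with '-' (would parse as an option), or contains
   anything outside a conservative allowlist; else 0. Allowlisting beats
   trying to enumerate every shell metacharacter. */
int has_shell_meta(const char *s) {
    if (*s == '\0' || *s == '-')
        return 1;
    for (; *s; s++) {
        unsigned char c = (unsigned char)*s;
        if (!(isalnum(c) || c == '.' || c == '_' || c == '-'))
            return 1;
    }
    return 0;
}

/* Hardened form: validate, then build an argv for execvp(). No shell is
   involved, so metacharacters are never interpreted, and the allowlist also
   refuses a job name that lpr could mistake for an option.
   Returns the argv entry count (excluding the NULL) or -1 on rejection. */
int build_spool_argv(const char *printer, const char *jobname,
                     char *argv[], size_t n) {
    if (n < 6 || has_shell_meta(printer) || has_shell_meta(jobname))
        return -1;
    argv[0] = "lpr";
    argv[1] = "-P";
    argv[2] = (char *)printer;
    argv[3] = "-J";
    argv[4] = (char *)jobname;
    argv[5] = NULL;
    return 5;
}

/* Run argv directly (no shell). Returns the child's exit status, or -1. */
int run_noshell(char *const argv[]) {
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);             /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    char cmd[256];
    char *argv[8];

    build_shell_cmd_unsafe(cmd, sizeof cmd, "lp", SAMPLE_JOBNAME);
    printf("popen() would receive: %s\n", cmd);   /* ";id" survives intact */

    if (build_spool_argv("lp", SAMPLE_JOBNAME, argv, 8) < 0)
        printf("hardened path rejects \"%s\"\n", SAMPLE_JOBNAME);
    if (build_spool_argv("lp", "report.ps", argv, 8) > 0)
        printf("hardened path accepts report.ps (argv[4]=%s)\n", argv[4]);
    return 0;
}
```

The point of the hardened form is that the fix is not escaping: once the program stops going through a shell there is nothing for the metacharacters to reach, and the allowlist only remains to keep the spooler's own option parsing out of reach.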
Processed: Re: Bug#510585: CVE-2008-5718: arbitrary command execution in papd in netatalk
Processing commands for cont...@bugs.debian.org:

> tags 510585 + patch
Bug#510585: CVE-2008-5718: arbitrary command execution in papd in netatalk
Tags were: security
Tags added: patch

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)

-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#510585: CVE-2008-5718: arbitrary command execution in papd in netatalk
tags 510585 pending
thanks

On Wed, Jan 07, 2009 at 08:11:41PM +0100, Nico Golde wrote:
> Upstream fix:
> http://netatalk.cvs.sourceforge.net/viewvc/netatalk/netatalk/etc/papd/lp.c?r1=1.16&r2=1.17&view=patch
>
> I can confirm that an attacker can execute arbitrary code without this
> fix. The output of the pixelate function is just put into popen without
> any sanitization.

Thanks for isolating and testing the minimal patch.

I am almost ready to release a new packaging release based on the upstream
prerelease, and will prepare security releases for Etch and Lenny based on
the above minimal patch.

- Jonas

-- 
* Jonas Smedegaard - idealist and Internet architect
* Tel.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private
Processed: Re: Bug#510585: CVE-2008-5718: arbitrary command execution in papd in netatalk
Processing commands for cont...@bugs.debian.org:

> tags 510585 pending
Bug#510585: CVE-2008-5718: arbitrary command execution in papd in netatalk
Tags were: patch security
Tags added: pending

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Bug#510585: CVE-2008-5718: arbitrary command execution in papd in netatalk
Package: netatalk
Version: 2.0.3-4
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for netatalk.

CVE-2008-5718[0]:
| The papd daemon in Netatalk before 2.0.4-beta2 allows remote attackers
| to execute arbitrary commands via shell metacharacters in a print
| request. NOTE: some of these details are obtained from third party
| information.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5718
    http://security-tracker.debian.net/tracker/CVE-2008-5718