[DebianGIS-dev] Bug#508597: marked as done (gpsdriver: allows local users to overwrite arbitrary files via a symlink attack)
Your message dated Mon, 02 Feb 2009 21:47:10 + with message-id e1lu6dk-0004tc...@ries.debian.org and subject line Bug#508597: fixed in gpsdrive 2.10~pre4-6.dfsg-1+lenny1 has caused the Debian Bug report #508597, regarding gpsdriver: allows local users to overwrite arbitrary files via a symlink attack to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 508597: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508597 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: gpsdrive Version: 2.10~pre4-6.dfsg-1 Tags: security Severity: important Hi, I have found three other attack vectors: /usr/share/doc/gpsdrive/examples/gpssmswatch: FILE=/tmp/.smswatch while [ 1 = 1 ] do gnokii --getsms SM 1 $FILE if [ $? = 0 ];then gnokii --deletesms SM 1 fi grep PLSSENDPOS $FILE if [ $? = 0 ];then echo -e position request found\n NUMBER=`grep Sender /tmp/.smswatch|awk '{print $2}'` killall -USR1 gpsdrive echo sending cat /tmp/gpsdrivepos echo -e to number $NUMBER\n gnokii --sendsms $NUMBER /tmp/gpsdrivepos src/splash.c f = fopen (/tmp/gpsdrivepos, w); if (f == NULL) { perror (/tmp/gpsdrivepos); return; } time (t); ts = localtime (t); fprintf (f, asctime (ts)); fprintf (f, POS %f %f\n, coords.current_lat, coords.current_lon); fclose (f); src/unit_test.c: g_snprintf (dir_proc, sizeof (dir_proc), /tmp/gpsdrive-unit-test); g_snprintf (dir_proc, sizeof (dir_proc), /tmp/gpsdrive-unit-test/proc); Cheers, -- Raphael Geissert - Debian Maintainer www.debian.org - get.debian.net signature.asc Description: This is a digitally signed message part. ---End Message--- ---BeginMessage--- Source: gpsdrive Source-Version: 2.10~pre4-6.dfsg-1+lenny1 We believe that the bug you reported is fixed in the latest version of gpsdrive, which is due to be installed in the Debian FTP archive: gpsdrive-data_2.10~pre4-6.dfsg-1+lenny1_all.deb to pool/main/g/gpsdrive/gpsdrive-data_2.10~pre4-6.dfsg-1+lenny1_all.deb gpsdrive-scripts_2.10~pre4-6.dfsg-1+lenny1_all.deb to pool/main/g/gpsdrive/gpsdrive-scripts_2.10~pre4-6.dfsg-1+lenny1_all.deb gpsdrive_2.10~pre4-6.dfsg-1+lenny1.diff.gz to pool/main/g/gpsdrive/gpsdrive_2.10~pre4-6.dfsg-1+lenny1.diff.gz gpsdrive_2.10~pre4-6.dfsg-1+lenny1.dsc to pool/main/g/gpsdrive/gpsdrive_2.10~pre4-6.dfsg-1+lenny1.dsc gpsdrive_2.10~pre4-6.dfsg-1+lenny1_i386.deb to pool/main/g/gpsdrive/gpsdrive_2.10~pre4-6.dfsg-1+lenny1_i386.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 508...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andreas Putzo andr...@putzo.net (supplier of updated gpsdrive package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Mon, 29 Dec 2008 16:08:22 + Source: gpsdrive Binary: gpsdrive gpsdrive-data gpsdrive-scripts Architecture: source i386 all Version: 2.10~pre4-6.dfsg-1+lenny1 Distribution: testing-proposed-updates Urgency: low Maintainer: Debian GIS Project pkg-grass-devel@lists.alioth.debian.org Changed-By: Andreas Putzo andr...@putzo.net Description: gpsdrive - Car navigation system gpsdrive-data - Car navigation system gpsdrive-scripts - Various scripts for gpsdrive Closes: 508596 508597 Changes: gpsdrive (2.10~pre4-6.dfsg-1+lenny1) testing-proposed-updates; urgency=low . * Remove example script gpssmswatch. Prone to symlink attacks and removed upstream. * Added 101-signalposreq.dpatch to remove signalposreq() from gpsdrive to fix a potential symlink vulnerability. Removed unused unlinks of temporary files (Closes: #508597,#508596). * Added 102-unittest.dpatch to use mkdtemp in src/unit_test.c to fix a symlink vulnerability. * Updated patch for geo-code to avoid a potential race condition (CVE-2008-5380). Checksums-Sha1: b4230f83fbb04b87fce960bbea2103eabb0b9cb2 1607 gpsdrive_2.10~pre4-6.dfsg-1+lenny1.dsc 6e3ece77e70883b80cdf57caac10a7861ac7aa7c 54233 gpsdrive_2.10~pre4-6.dfsg-1+lenny1.diff.gz 48020fe79c9ab20763c92c32c78106d753ded402 273202 gpsdrive_2.10~pre4-6.dfsg-1+lenny1_i386.deb b119d99dd94c94d99d7bccc931a2438e1b46a81b 2576844
[DebianGIS-dev] Bug#508597: marked as done (gpsdriver: allows local users to overwrite arbitrary files via a symlink attack)
Your message dated Mon, 19 Jan 2009 21:47:08 + with message-id e1lp1xc-0003yg...@ries.debian.org and subject line Bug#508597: fixed in gpsdrive 2.10~pre4-6.dfsg-2 has caused the Debian Bug report #508597, regarding gpsdriver: allows local users to overwrite arbitrary files via a symlink attack to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 508597: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508597 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: gpsdrive Version: 2.10~pre4-6.dfsg-1 Tags: security Severity: important Hi, I have found three other attack vectors: /usr/share/doc/gpsdrive/examples/gpssmswatch: FILE=/tmp/.smswatch while [ 1 = 1 ] do gnokii --getsms SM 1 $FILE if [ $? = 0 ];then gnokii --deletesms SM 1 fi grep PLSSENDPOS $FILE if [ $? = 0 ];then echo -e position request found\n NUMBER=`grep Sender /tmp/.smswatch|awk '{print $2}'` killall -USR1 gpsdrive echo sending cat /tmp/gpsdrivepos echo -e to number $NUMBER\n gnokii --sendsms $NUMBER /tmp/gpsdrivepos src/splash.c f = fopen (/tmp/gpsdrivepos, w); if (f == NULL) { perror (/tmp/gpsdrivepos); return; } time (t); ts = localtime (t); fprintf (f, asctime (ts)); fprintf (f, POS %f %f\n, coords.current_lat, coords.current_lon); fclose (f); src/unit_test.c: g_snprintf (dir_proc, sizeof (dir_proc), /tmp/gpsdrive-unit-test); g_snprintf (dir_proc, sizeof (dir_proc), /tmp/gpsdrive-unit-test/proc); Cheers, -- Raphael Geissert - Debian Maintainer www.debian.org - get.debian.net signature.asc Description: This is a digitally signed message part. ---End Message--- ---BeginMessage--- Source: gpsdrive Source-Version: 2.10~pre4-6.dfsg-2 We believe that the bug you reported is fixed in the latest version of gpsdrive, which is due to be installed in the Debian FTP archive: gpsdrive-data_2.10~pre4-6.dfsg-2_all.deb to pool/main/g/gpsdrive/gpsdrive-data_2.10~pre4-6.dfsg-2_all.deb gpsdrive-scripts_2.10~pre4-6.dfsg-2_all.deb to pool/main/g/gpsdrive/gpsdrive-scripts_2.10~pre4-6.dfsg-2_all.deb gpsdrive_2.10~pre4-6.dfsg-2.diff.gz to pool/main/g/gpsdrive/gpsdrive_2.10~pre4-6.dfsg-2.diff.gz gpsdrive_2.10~pre4-6.dfsg-2.dsc to pool/main/g/gpsdrive/gpsdrive_2.10~pre4-6.dfsg-2.dsc gpsdrive_2.10~pre4-6.dfsg-2_i386.deb to pool/main/g/gpsdrive/gpsdrive_2.10~pre4-6.dfsg-2_i386.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 508...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Andreas Putzo andr...@putzo.net (supplier of updated gpsdrive package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Mon, 29 Dec 2008 16:08:22 + Source: gpsdrive Binary: gpsdrive gpsdrive-data gpsdrive-scripts Architecture: source i386 all Version: 2.10~pre4-6.dfsg-2 Distribution: unstable Urgency: low Maintainer: Debian GIS Project pkg-grass-devel@lists.alioth.debian.org Changed-By: Andreas Putzo andr...@putzo.net Description: gpsdrive - Car navigation system gpsdrive-data - Car navigation system gpsdrive-scripts - Various scripts for gpsdrive Closes: 508596 508597 Changes: gpsdrive (2.10~pre4-6.dfsg-2) unstable; urgency=low . * Remove example script gpssmswatch. Prone to symlink attacks and removed upstream. * Added 101-signalposreq.dpatch to remove signalposreq() from gpsdrive to fix a potential symlink vulnerability. Removed unused unlinks of temporary files (Closes: #508597,#508596). * Added 102-unittest.dpatch to use mkdtemp in src/unit_test.c to fix a symlink vulnerability. * Updated patch for geo-code to avoid a potential race condition (CVE-2008-5380). Checksums-Sha1: bbe259716dfd75dd011edf77a485b373e3cb911f 1579 gpsdrive_2.10~pre4-6.dfsg-2.dsc 2a90ad8bef2f7714d58ccb25e6a605bb26866fca 55332 gpsdrive_2.10~pre4-6.dfsg-2.diff.gz e3c77ad451d56e231bdeb230d0a90bca762a9eb6 273176 gpsdrive_2.10~pre4-6.dfsg-2_i386.deb ba84ead1c165029934b60cf1bd1b02770f1ec045 2576832 gpsdrive-data_2.10~pre4-6.dfsg-2_all.deb b6c8ed24604d67d0696d5f84c51717ae71d247ea 150964 gpsdrive-scripts_2.10~pre4-6.dfsg-2_all.deb Checksums-Sha256: