[DebianGIS-dev] Bug#508597: marked as done (gpsdriver: allows local users to overwrite arbitrary files via a symlink attack)
Your message dated Mon, 02 Feb 2009 21:47:10 +
with message-id e1lu6dk-0004tc...@ries.debian.org
and subject line Bug#508597: fixed in gpsdrive 2.10~pre4-6.dfsg-1+lenny1
has caused the Debian Bug report #508597,
regarding gpsdriver: allows local users to overwrite arbitrary files via a
symlink attack
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
508597: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508597
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: gpsdrive
Version: 2.10~pre4-6.dfsg-1
Tags: security
Severity: important
Hi,
I have found three other attack vectors:
/usr/share/doc/gpsdrive/examples/gpssmswatch:
FILE=/tmp/.smswatch
while [ 1 = 1 ]
do
gnokii --getsms SM 1 $FILE
if [ $? = 0 ];then
gnokii --deletesms SM 1
fi
grep PLSSENDPOS $FILE
if [ $? = 0 ];then
echo -e position request found\n
NUMBER=`grep Sender /tmp/.smswatch|awk '{print $2}'`
killall -USR1 gpsdrive
echo sending
cat /tmp/gpsdrivepos
echo -e to number $NUMBER\n
gnokii --sendsms $NUMBER /tmp/gpsdrivepos
src/splash.c
f = fopen (/tmp/gpsdrivepos, w);
if (f == NULL)
{
perror (/tmp/gpsdrivepos);
return;
}
time (t);
ts = localtime (t);
fprintf (f, asctime (ts));
fprintf (f, POS %f %f\n, coords.current_lat, coords.current_lon);
fclose (f);
src/unit_test.c:
g_snprintf (dir_proc, sizeof (dir_proc), /tmp/gpsdrive-unit-test);
g_snprintf (dir_proc, sizeof (dir_proc), /tmp/gpsdrive-unit-test/proc);
Cheers,
--
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net
signature.asc
Description: This is a digitally signed message part.
---End Message---
---BeginMessage---
Source: gpsdrive
Source-Version: 2.10~pre4-6.dfsg-1+lenny1
We believe that the bug you reported is fixed in the latest version of
gpsdrive, which is due to be installed in the Debian FTP archive:
gpsdrive-data_2.10~pre4-6.dfsg-1+lenny1_all.deb
to pool/main/g/gpsdrive/gpsdrive-data_2.10~pre4-6.dfsg-1+lenny1_all.deb
gpsdrive-scripts_2.10~pre4-6.dfsg-1+lenny1_all.deb
to pool/main/g/gpsdrive/gpsdrive-scripts_2.10~pre4-6.dfsg-1+lenny1_all.deb
gpsdrive_2.10~pre4-6.dfsg-1+lenny1.diff.gz
to pool/main/g/gpsdrive/gpsdrive_2.10~pre4-6.dfsg-1+lenny1.diff.gz
gpsdrive_2.10~pre4-6.dfsg-1+lenny1.dsc
to pool/main/g/gpsdrive/gpsdrive_2.10~pre4-6.dfsg-1+lenny1.dsc
gpsdrive_2.10~pre4-6.dfsg-1+lenny1_i386.deb
to pool/main/g/gpsdrive/gpsdrive_2.10~pre4-6.dfsg-1+lenny1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 508...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Putzo andr...@putzo.net (supplier of updated gpsdrive package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Format: 1.8
Date: Mon, 29 Dec 2008 16:08:22 +
Source: gpsdrive
Binary: gpsdrive gpsdrive-data gpsdrive-scripts
Architecture: source i386 all
Version: 2.10~pre4-6.dfsg-1+lenny1
Distribution: testing-proposed-updates
Urgency: low
Maintainer: Debian GIS Project pkg-grass-devel@lists.alioth.debian.org
Changed-By: Andreas Putzo andr...@putzo.net
Description:
gpsdrive - Car navigation system
gpsdrive-data - Car navigation system
gpsdrive-scripts - Various scripts for gpsdrive
Closes: 508596 508597
Changes:
gpsdrive (2.10~pre4-6.dfsg-1+lenny1) testing-proposed-updates; urgency=low
.
* Remove example script gpssmswatch. Prone to symlink attacks
and removed upstream.
* Added 101-signalposreq.dpatch to remove signalposreq() from
gpsdrive to fix a potential symlink vulnerability. Removed
unused unlinks of temporary files (Closes: #508597,#508596).
* Added 102-unittest.dpatch to use mkdtemp in src/unit_test.c to
fix a symlink vulnerability.
* Updated patch for geo-code to avoid a potential race condition
(CVE-2008-5380).
Checksums-Sha1:
b4230f83fbb04b87fce960bbea2103eabb0b9cb2 1607
gpsdrive_2.10~pre4-6.dfsg-1+lenny1.dsc
6e3ece77e70883b80cdf57caac10a7861ac7aa7c 54233
gpsdrive_2.10~pre4-6.dfsg-1+lenny1.diff.gz
48020fe79c9ab20763c92c32c78106d753ded402 273202
gpsdrive_2.10~pre4-6.dfsg-1+lenny1_i386.deb
b119d99dd94c94d99d7bccc931a2438e1b46a81b 2576844
[DebianGIS-dev] Bug#508597: marked as done (gpsdriver: allows local users to overwrite arbitrary files via a symlink attack)
Your message dated Mon, 19 Jan 2009 21:47:08 +
with message-id e1lp1xc-0003yg...@ries.debian.org
and subject line Bug#508597: fixed in gpsdrive 2.10~pre4-6.dfsg-2
has caused the Debian Bug report #508597,
regarding gpsdriver: allows local users to overwrite arbitrary files via a
symlink attack
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
508597: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508597
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: gpsdrive
Version: 2.10~pre4-6.dfsg-1
Tags: security
Severity: important
Hi,
I have found three other attack vectors:
/usr/share/doc/gpsdrive/examples/gpssmswatch:
FILE=/tmp/.smswatch
while [ 1 = 1 ]
do
gnokii --getsms SM 1 $FILE
if [ $? = 0 ];then
gnokii --deletesms SM 1
fi
grep PLSSENDPOS $FILE
if [ $? = 0 ];then
echo -e position request found\n
NUMBER=`grep Sender /tmp/.smswatch|awk '{print $2}'`
killall -USR1 gpsdrive
echo sending
cat /tmp/gpsdrivepos
echo -e to number $NUMBER\n
gnokii --sendsms $NUMBER /tmp/gpsdrivepos
src/splash.c
f = fopen (/tmp/gpsdrivepos, w);
if (f == NULL)
{
perror (/tmp/gpsdrivepos);
return;
}
time (t);
ts = localtime (t);
fprintf (f, asctime (ts));
fprintf (f, POS %f %f\n, coords.current_lat, coords.current_lon);
fclose (f);
src/unit_test.c:
g_snprintf (dir_proc, sizeof (dir_proc), /tmp/gpsdrive-unit-test);
g_snprintf (dir_proc, sizeof (dir_proc), /tmp/gpsdrive-unit-test/proc);
Cheers,
--
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net
signature.asc
Description: This is a digitally signed message part.
---End Message---
---BeginMessage---
Source: gpsdrive
Source-Version: 2.10~pre4-6.dfsg-2
We believe that the bug you reported is fixed in the latest version of
gpsdrive, which is due to be installed in the Debian FTP archive:
gpsdrive-data_2.10~pre4-6.dfsg-2_all.deb
to pool/main/g/gpsdrive/gpsdrive-data_2.10~pre4-6.dfsg-2_all.deb
gpsdrive-scripts_2.10~pre4-6.dfsg-2_all.deb
to pool/main/g/gpsdrive/gpsdrive-scripts_2.10~pre4-6.dfsg-2_all.deb
gpsdrive_2.10~pre4-6.dfsg-2.diff.gz
to pool/main/g/gpsdrive/gpsdrive_2.10~pre4-6.dfsg-2.diff.gz
gpsdrive_2.10~pre4-6.dfsg-2.dsc
to pool/main/g/gpsdrive/gpsdrive_2.10~pre4-6.dfsg-2.dsc
gpsdrive_2.10~pre4-6.dfsg-2_i386.deb
to pool/main/g/gpsdrive/gpsdrive_2.10~pre4-6.dfsg-2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 508...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Putzo andr...@putzo.net (supplier of updated gpsdrive package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Format: 1.8
Date: Mon, 29 Dec 2008 16:08:22 +
Source: gpsdrive
Binary: gpsdrive gpsdrive-data gpsdrive-scripts
Architecture: source i386 all
Version: 2.10~pre4-6.dfsg-2
Distribution: unstable
Urgency: low
Maintainer: Debian GIS Project pkg-grass-devel@lists.alioth.debian.org
Changed-By: Andreas Putzo andr...@putzo.net
Description:
gpsdrive - Car navigation system
gpsdrive-data - Car navigation system
gpsdrive-scripts - Various scripts for gpsdrive
Closes: 508596 508597
Changes:
gpsdrive (2.10~pre4-6.dfsg-2) unstable; urgency=low
.
* Remove example script gpssmswatch. Prone to symlink attacks
and removed upstream.
* Added 101-signalposreq.dpatch to remove signalposreq() from
gpsdrive to fix a potential symlink vulnerability. Removed
unused unlinks of temporary files (Closes: #508597,#508596).
* Added 102-unittest.dpatch to use mkdtemp in src/unit_test.c to
fix a symlink vulnerability.
* Updated patch for geo-code to avoid a potential race condition
(CVE-2008-5380).
Checksums-Sha1:
bbe259716dfd75dd011edf77a485b373e3cb911f 1579 gpsdrive_2.10~pre4-6.dfsg-2.dsc
2a90ad8bef2f7714d58ccb25e6a605bb26866fca 55332
gpsdrive_2.10~pre4-6.dfsg-2.diff.gz
e3c77ad451d56e231bdeb230d0a90bca762a9eb6 273176
gpsdrive_2.10~pre4-6.dfsg-2_i386.deb
ba84ead1c165029934b60cf1bd1b02770f1ec045 2576832
gpsdrive-data_2.10~pre4-6.dfsg-2_all.deb
b6c8ed24604d67d0696d5f84c51717ae71d247ea 150964
gpsdrive-scripts_2.10~pre4-6.dfsg-2_all.deb
Checksums-Sha256:
