Launchpad has imported 14 comments from the remote bug at https://bugzilla.redhat.com/show_bug.cgi?id=674129.
If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. ------------------------------------------------------------------------ On 2011-01-31T18:04:37+00:00 Vincent wrote: Two vulnerabilities were reported [1],[2] in gypsy, a GPS multiplexing daemon. The first is that it reads arbitrary files as the root user on behalf of a regular user (CVE-2011-0523). The second is that there is a buffer overflow in nmea device input handling which could potentially lead to privilege escalation (CVE-2011-0524). Both issues have been reported upstream [3], however there has been no response (the Ubuntu bug indicates upstream was noticed 20101214 with no response. There is also a SUSE bug [4] with some further information. [1] http://article.gmane.org/gmane.comp.security.oss.general/4124 [2] https://bugs.launchpad.net/ubuntu/+source/gypsy/+bug/690323 [3] https://bugs.freedesktop.org/show_bug.cgi?id=33431 [4] https://bugzilla.novell.com/show_bug.cgi?id=666839#c3 Reply at: https://bugs.launchpad.net/ubuntu/+source/gypsy/+bug/690323/comments/13 ------------------------------------------------------------------------ On 2011-01-31T18:08:01+00:00 Vincent wrote: It also looks as though this software may be abandoned. There is no upstream activity since June 2010: http://cgit.freedesktop.org/gypsy/ Reply at: https://bugs.launchpad.net/ubuntu/+source/gypsy/+bug/690323/comments/14 ------------------------------------------------------------------------ On 2011-01-31T18:08:38+00:00 Vincent wrote: Created gypsy tracking bugs for this issue Affects: fedora-all [bug 674131] Reply at: https://bugs.launchpad.net/ubuntu/+source/gypsy/+bug/690323/comments/15 ------------------------------------------------------------------------ On 2011-01-31T18:13:18+00:00 Peter wrote: Upstream isn't abandoned but there's not a lot of churn. I'll poke upstream directly to get a response. Reply at: https://bugs.launchpad.net/ubuntu/+source/gypsy/+bug/690323/comments/16 ------------------------------------------------------------------------ On 2011-01-31T18:30:52+00:00 Vincent wrote: Many thanks for that, Peter. Reply at: https://bugs.launchpad.net/ubuntu/+source/gypsy/+bug/690323/comments/17 ------------------------------------------------------------------------ On 2011-04-07T19:33:53+00:00 Josh wrote: Hi Peter, Any update on this from upstream? Reply at: https://bugs.launchpad.net/ubuntu/+source/gypsy/+bug/690323/comments/22 ------------------------------------------------------------------------ On 2011-04-08T08:20:31+00:00 Peter wrote: I reported it on the meego bugzilla as I'd not got any response from the maintainers. https://bugs.meego.com/show_bug.cgi?id=14396 It seems there's a patch been added (only just saw it) but I'm not able to make a judgement on whether it fixes the problem. Quite happy to patch and push it in Fedora if someone can review and ACK it. Reply at: https://bugs.launchpad.net/ubuntu/+source/gypsy/+bug/690323/comments/23 ------------------------------------------------------------------------ On 2011-04-28T21:31:58+00:00 Vincent wrote: Peter, can you attach the patch to this bug? I tried to load up that bug and don't have an account there (so I suspect I won't have privileges if I go ahead and make one). You can make the attachment private (or email it to me directly perhaps). Thanks, Reply at: https://bugs.launchpad.net/ubuntu/+source/gypsy/+bug/690323/comments/24 ------------------------------------------------------------------------ On 2011-04-28T22:26:51+00:00 Peter wrote: I've emailed it as I couldn't see how to set the attachment as private, only the entire bug. Reply at: https://bugs.launchpad.net/ubuntu/+source/gypsy/+bug/690323/comments/25 ------------------------------------------------------------------------ On 2011-04-28T23:35:37+00:00 Vincent wrote: Thanks, Peter. I've got it. I think that patch should be ok; might be nice to get it into Fedora and test it out if nothing else. The patch only addresses CVE-2011-0523 (the first issue) from what I can tell, and not the buffer overflow in nmea device handling. Has that been discussed upstream at all? I still see no activity in the upstream git -- do we know if this patch will land there? Reply at: https://bugs.launchpad.net/ubuntu/+source/gypsy/+bug/690323/comments/26 ------------------------------------------------------------------------ On 2011-10-12T11:21:02+00:00 Bastien wrote: Waiting on upstream to review the patches: https://bugs.freedesktop.org/show_bug.cgi?id=33431 Feel free to comment there about the patch itself, and I'll iterate. Reply at: https://bugs.launchpad.net/ubuntu/+source/gypsy/+bug/690323/comments/29 ------------------------------------------------------------------------ On 2012-01-24T14:56:05+00:00 Ramon wrote: Hi Bastien, do you have any update on this? Reply at: https://bugs.launchpad.net/ubuntu/+source/gypsy/+bug/690323/comments/36 ------------------------------------------------------------------------ On 2012-05-18T14:02:01+00:00 Stefan wrote: Created gypsy tracking bugs for this issue Affects: fedora-all [bug 822922] Reply at: https://bugs.launchpad.net/ubuntu/+source/gypsy/+bug/690323/comments/59 ------------------------------------------------------------------------ On 2016-03-10T19:55:26+00:00 Peter wrote: Upstream is dead, It's been retired in F-24+ Reply at: https://bugs.launchpad.net/ubuntu/+source/gypsy/+bug/690323/comments/65 ** Changed in: gypsy (Fedora) Status: Unknown => Invalid ** Changed in: gypsy (Fedora) Importance: Unknown => Medium ** Bug watch added: Meego #14396 http://bugs.meego.com/show_bug.cgi?id=14396 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to gypsy in Ubuntu. https://bugs.launchpad.net/bugs/690323 Title: gypsy opens arbitrary files, has unchecked buffer overflows Status in Gypsy: Fix Released Status in gypsy package in Ubuntu: Fix Released Status in gypsy source package in Maverick: Fix Released Status in gypsy source package in Natty: Fix Released Status in gypsy source package in Oneiric: Fix Released Status in gypsy package in Fedora: Invalid Status in gypsy package in Suse: Fix Released Bug description: Regular users can request that arbitrary files be opened for reading. In the best case, this is a denial of service. Worst-case, this could lead to information disclosure or privilege escalation. ** (gypsy-daemon:23540): DEBUG: Creating client for /etc/shadow ** (gypsy-daemon:23540): DEBUG: Device name: shadow ** (gypsy-daemon:23540): DEBUG: Registered client on /org/freedesktop/Gypsy/shadow ** (gypsy-daemon:23540): DEBUG: Starting connection to /etc/shadow ** (gypsy-daemon:23540): DEBUG: Starting connection to /etc/shadow open("/etc/shadow", O_RDONLY|O_NOCTTY|O_NONBLOCK) = 6 open("/etc/shadow", O_RDWR|O_NOCTTY|O_NONBLOCK) = 7 ** (gypsy-daemon:23540): DEBUG: GPS channel can connect There appear to be unchecked buffer overflows as well in gps_channel_garmin_input() via nmeabuf and nmea_gpgsv(), which could be used in an attack. (If the local user attaches gypsy to a pseudo- tty they might be able to trick the string handling.) ProblemType: Bug DistroRelease: Ubuntu 11.04 Package: gypsy-daemon 0.8-0ubuntu1 ProcVersionSignature: Ubuntu 2.6.37-9.22-generic 2.6.37-rc5 Uname: Linux 2.6.37-9-generic x86_64 Architecture: amd64 Date: Tue Dec 14 11:23:26 2010 ProcEnviron: LANGUAGE=en_US:en PATH=(custom, user) LANG=en_US.utf8 SHELL=/bin/bash SourcePackage: gypsy To manage notifications about this bug go to: https://bugs.launchpad.net/gypsy/+bug/690323/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
