CVE-2011-2910: Missing return checks

Related Vulnerabilities: CVE-2011-2910  

Debian Bug report logs - #638198
CVE-2011-2910: Missing return checks


Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>

Date: Wed, 17 Aug 2011 15:54:02 UTC

Severity: grave

Tags: patch, security

Fixed in version ax25-tools/0.0.8-13.2

Done: Luk Claes <luk@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian Hamradio Maintainers <debian-hams@lists.debian.org>:
Bug#638198; Package ax25-tools. (Wed, 17 Aug 2011 15:54:05 GMT)


Acknowledgement sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian Hamradio Maintainers <debian-hams@lists.debian.org>. (Wed, 17 Aug 2011 15:54:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <muehlenhoff@univention.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2011-2910: Missing return checks
Date: Wed, 17 Aug 2011 17:50:56 +0200
Package: ax25-tools
Severity: grave
Tags: security

Please see http://seclists.org/oss-sec/2011/q3/300

This is CVE-2011-2910. This doesn't warrant a DSA, but could be fixed
in a point update.

Cheers,
        Moritz




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Hamradio Maintainers <debian-hams@lists.debian.org>:
Bug#638198; Package ax25-tools. (Thu, 18 Aug 2011 10:48:04 GMT)


Acknowledgement sent to Thomas Osterried <thomas@x-berg.in-berlin.de>:
Extra info received and forwarded to list. Copy sent to Debian Hamradio Maintainers <debian-hams@lists.debian.org>. (Thu, 18 Aug 2011 10:48:09 GMT)


Message #10 received at submit@bugs.debian.org:

From: Thomas Osterried <thomas@x-berg.in-berlin.de>
To: Moritz Muehlenhoff <muehlenhoff@univention.de>, 638198@bugs.debian.org
Cc: Debian Bug Tracking System <submit@bugs.debian.org>, ralf@linux-mips.org
Subject: Re: Bug#638198: CVE-2011-2910: Missing return checks
Date: Thu, 18 Aug 2011 12:45:11 +0200

Fixed now in the upstream version.

vy 73,
	- Thomas  dl9sau

On 2011-08-17 17:50:56 +0200, Moritz Muehlenhoff <muehlenhoff@univention.de>
wrote in <20110817155056.16597.89674.reportbug@irma.knut.univention.de>:
> Package: ax25-tools
> Severity: grave
> Tags: security
> 
> Please see http://seclists.org/oss-sec/2011/q3/300
> 
> This is CVE-2011-2910. This doesn't warrant a DSA, but could be fixed
> in a point update.
> 
> Cheers,
>         Moritz




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Hamradio Maintainers <debian-hams@lists.debian.org>:
Bug#638198; Package ax25-tools. (Thu, 18 Aug 2011 10:48:22 GMT)


Acknowledgement sent to Thomas Osterried <thomas@x-berg.in-berlin.de>:
Extra info received and forwarded to list. Copy sent to Debian Hamradio Maintainers <debian-hams@lists.debian.org>. (Thu, 18 Aug 2011 10:48:26 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Debian Hamradio Maintainers <debian-hams@lists.debian.org>:
Bug#638198; Package ax25-tools. (Thu, 18 Aug 2011 13:36:03 GMT)


Acknowledgement sent to Ralf Baechle <ralf@linux-mips.org>:
Extra info received and forwarded to list. Copy sent to Debian Hamradio Maintainers <debian-hams@lists.debian.org>. (Thu, 18 Aug 2011 13:36:03 GMT)


Message #20 received at 638198@bugs.debian.org:

From: Ralf Baechle <ralf@linux-mips.org>
To: 638198@bugs.debian.org
Subject: CVE-2011-2910: Severity
Date: Thu, 18 Aug 2011 14:16:00 +0100

Severity grave is grossly overexaggerated.  Triggering this is only
possible by very weird security configuration such as root without
CAP_SETUID or an even more weird LSM that restricts root from dropping
privileges.

Don't panic.

  Ralf
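
The failure mode described in the message above, a privilege drop that fails and goes unnoticed, shown as an added C example (not code from ax25-tools or from the patch in this report). The names `drop_unchecked`, `drop_checked` and `setuid_denied` are hypothetical, and the stub is constructed to simulate a `setuid()` call that the kernel refuses.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical hooks (not from ax25-tools) so a failing call can be simulated. */
typedef int (*setuid_fn)(uid_t);
typedef int (*setgid_fn)(gid_t);

/* Constructed stub: fails the way setuid() does for root without CAP_SETUID. */
static int setuid_denied(uid_t uid)
{
	(void)uid;
	errno = EPERM;
	return -1;
}

/* Unchecked drop: the return value is discarded and the caller carries on. */
static int drop_unchecked(setuid_fn do_setuid, uid_t uid)
{
	(void)do_setuid(uid);
	return 0; /* reports success even though the process may still be root */
}

/* Checked drop: group first, then user, then confirm the IDs really changed. */
static int drop_checked(setgid_fn do_setgid, setuid_fn do_setuid,
			uid_t uid, gid_t gid)
{
	if (do_setgid(gid) != 0) {
		perror("setgid");
		return -1;
	}
	if (do_setuid(uid) != 0) {
		perror("setuid");
		return -1;
	}
	if (getuid() != uid || geteuid() != uid || getgid() != gid)
		return -1;
	return 0;
}

int main(void)
{
	uid_t u = getuid(); /* dropping to IDs already held needs no privilege */
	gid_t g = getgid();
	printf("unchecked, denied: %d\n", drop_unchecked(setuid_denied, u));
	printf("checked, denied:   %d\n", drop_checked(setgid, setuid_denied, u, g));
	printf("checked, allowed:  %d\n", drop_checked(setgid, setuid, u, g));
	return 0;
}
```

A caller that gets -1 from `drop_checked` should exit instead of running the user-controlled work with its original IDs.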




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Hamradio Maintainers <debian-hams@lists.debian.org>:
Bug#638198; Package ax25-tools. (Sun, 01 Jan 2012 14:21:06 GMT)


Acknowledgement sent to Luk Claes <luk@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Hamradio Maintainers <debian-hams@lists.debian.org>. (Sun, 01 Jan 2012 14:21:07 GMT)


Message #25 received at 638198@bugs.debian.org:

From: Luk Claes <luk@debian.org>
To: 638198@bugs.debian.org
Subject: ax25-tools: diff for NMU version 0.0.8-13.2
Date: Sun, 1 Jan 2012 15:18:55 +0100

tags 638198 + patch
tags 638198 + pending
thanks

Dear maintainer,

I've prepared an NMU for ax25-tools (versioned as 0.0.8-13.2) and
uploaded it to DELAYED/02. Please feel free to tell me if I
should delay it longer.

Cheers

Luk
[ax25-tools-0.0.8-13.2-nmu.diff (text/x-diff, attachment)]

Added tag(s) patch. Request was from Luk Claes <luk@debian.org> to control@bugs.debian.org. (Sun, 01 Jan 2012 14:21:12 GMT)


Added tag(s) pending. Request was from Luk Claes <luk@debian.org> to control@bugs.debian.org. (Sun, 01 Jan 2012 14:21:13 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Debian Hamradio Maintainers <debian-hams@lists.debian.org>:
Bug#638198; Package ax25-tools. (Sun, 01 Jan 2012 14:33:07 GMT)


Acknowledgement sent to Julien Cristau <jcristau@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Hamradio Maintainers <debian-hams@lists.debian.org>. (Sun, 01 Jan 2012 14:33:07 GMT)


Message #34 received at 638198@bugs.debian.org:

From: Julien Cristau <jcristau@debian.org>
To: Luk Claes <luk@debian.org>, 638198@bugs.debian.org
Subject: Re: Bug#638198: ax25-tools: diff for NMU version 0.0.8-13.2
Date: Sun, 1 Jan 2012 15:29:16 +0100

On Sun, Jan  1, 2012 at 15:18:55 +0100, Luk Claes wrote:

> tags 638198 + patch
> tags 638198 + pending
> thanks
> 
> Dear maintainer,
> 
> I've prepared an NMU for ax25-tools (versioned as 0.0.8-13.2) and
> uploaded it to DELAYED/02. Please feel free to tell me if I
> should delay it longer.
> 
A couple comments on the patch...

> diff -u ax25-tools-0.0.8/debian/changelog ax25-tools-0.0.8/debian/changelog
> --- ax25-tools-0.0.8/debian/changelog
> +++ ax25-tools-0.0.8/debian/changelog
> @@ -1,3 +1,11 @@
> +ax25-tools (0.0.8-13.2) unstable; urgency=medium
> +
> +  * Non-maintainer upload.
> +  * ax25/beacon.c: fix possible privilege escalation CVE-2011-2910
> +    Closes: #638198.
> +
> + -- Luk Claes <luk@debian.org>  Sun, 01 Jan 2012 15:13:41 +0100
> +
>  ax25-tools (0.0.8-13.1) unstable; urgency=low
>  
>    * Retiring - remove myself from the uploaders list.
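
Review bot: the new changelog entry for ax25/beacon.c says only "fix possible privilege escalation CVE-2011-2910" and does not say what was changed. The report is titled "Missing return checks", while the beacon.c hunks quoted below replace the fixed `char addr[20]` and its strcpy() calls with allocated strings, so the entry should name that change so a reader can match it to the diff.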
> only in patch4:
> unchanged:
> --- ax25-tools-0.0.8.orig/ax25/beacon.c
> +++ ax25-tools-0.0.8/ax25/beacon.c
> @@ -43,7 +43,7 @@
>  	struct full_sockaddr_ax25 dest;
>  	struct full_sockaddr_ax25 src;
>  	int s, n, dlen, len, interval = 30;
> -	char addr[20], *port, *message, *portcall;
> +	char *addr, *port, *message, *portcall;
>  	char *srccall = NULL, *destcall = NULL;
>  	
>  	while ((n = getopt(argc, argv, "c:d:lmst:v")) != -1) {
> @@ -100,27 +100,36 @@
>  		return 1;
>  	}
>  
> +	addr = NULL;

dead store.

>  	if (mail)
> -		strcpy(addr, "MAIL");
> +		addr = strdup("MAIL");
>  	else if (destcall != NULL)
> -		strcpy(addr, destcall);
> +		addr = strdup(destcall);
>  	else
> -		strcpy(addr, "IDENT");
> +		addr = strdup("IDENT");
> +	if (addr == NULL)
> +	  return 1;
>  
>  	if ((dlen = ax25_aton(addr, &dest)) == -1) {
>  		fprintf(stderr, "beacon: unable to convert callsign '%s'\n", addr);
>  		return 1;
>  	}
> +	if (addr != NULL) free(addr); addr = NULL;

you already know addr is != NULL.

>  
> -	if (srccall != NULL && strcmp(srccall, portcall) != 0)
> +	if (srccall != NULL && strcmp(srccall, portcall) != 0) {
> +		if ((addr = (char *) malloc(strlen(srccall) + 1 + strlen(portcall) + 1)) == NULL)

useless cast.

> +			return 1;
>  		sprintf(addr, "%s %s", srccall, portcall);
> -	else
> -		strcpy(addr, portcall);
> +	} else {
> +		if ((addr = strdup(portcall)) == NULL)
> +			return 1;
> +	}
>  
>  	if ((len = ax25_aton(addr, &src)) == -1) {
>  		fprintf(stderr, "beacon: unable to convert callsign '%s'\n", addr);
>  		return 1;
>  	}
> +	if (addr != NULL) free(addr); addr = NULL;

useless check

>  
>  	if (!single) {
>  		if (!daemon_start(FALSE)) {
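
Review bot: the three allocation-failure paths in this hunk (the `if (addr == NULL)` check after the strdup() chain, the malloc() check, and the strdup(portcall) check) all `return 1` without printing anything, while the ax25_aton() failures next to them print a "beacon: ..." message to stderr; add a matching diagnostic so an out-of-memory exit is distinguishable from a silent success. The two ax25_aton() error returns also leave addr allocated; that is harmless because the process exits, but freeing it there keeps every exit path uniform. Writing `if (addr != NULL) free(addr); addr = NULL;` on one line reads as if both statements were guarded; `free(addr);` and `addr = NULL;` on separate lines say the same thing without the ambiguity. The `return 1;` under `if (addr == NULL)` is indented with two spaces where the rest of the file uses tabs.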

Cheers,
Julien




Reply sent to Luk Claes <luk@debian.org>:
You have taken responsibility. (Tue, 03 Jan 2012 15:06:08 GMT)


Notification sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer. (Tue, 03 Jan 2012 15:06:21 GMT)


Message #39 received at 638198-close@bugs.debian.org:

From: Luk Claes <luk@debian.org>
To: 638198-close@bugs.debian.org
Subject: Bug#638198: fixed in ax25-tools 0.0.8-13.2
Date: Tue, 03 Jan 2012 15:02:19 +0000

Source: ax25-tools
Source-Version: 0.0.8-13.2

We believe that the bug you reported is fixed in the latest version of
ax25-tools, which is due to be installed in the Debian FTP archive:

ax25-tools_0.0.8-13.2.diff.gz
  to main/a/ax25-tools/ax25-tools_0.0.8-13.2.diff.gz
ax25-tools_0.0.8-13.2.dsc
  to main/a/ax25-tools/ax25-tools_0.0.8-13.2.dsc
ax25-tools_0.0.8-13.2_i386.deb
  to main/a/ax25-tools/ax25-tools_0.0.8-13.2_i386.deb
ax25-xtools_0.0.8-13.2_i386.deb
  to main/a/ax25-tools/ax25-xtools_0.0.8-13.2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 638198@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luk Claes <luk@debian.org> (supplier of updated ax25-tools package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Sun, 01 Jan 2012 15:13:41 +0100
Source: ax25-tools
Binary: ax25-tools ax25-xtools
Architecture: source i386
Version: 0.0.8-13.2
Distribution: unstable
Urgency: medium
Maintainer: Debian Hamradio Maintainers <debian-hams@lists.debian.org>
Changed-By: Luk Claes <luk@debian.org>
Description: 
 ax25-tools - tools for AX.25 interface configuration
 ax25-xtools - tools for AX.25 interface configuration -- X11-based
Closes: 638198
Changes: 
 ax25-tools (0.0.8-13.2) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * ax25/beacon.c: fix possible privilege escalation CVE-2011-2910
     Closes: #638198.





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 02 Jun 2013 08:32:32 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:19:49 2019; Machine Name: buxtehude