Debian Bug report logs - #730691
adequate: CVE-2013-6409: privilege escalation via tty hijacking
Reported by: Jakub Wilk <jwilk@debian.org>
Date: Thu, 28 Nov 2013 09:57:01 UTC
Severity: serious
Tags: security
Found in version adequate/0.4
Fixed in version adequate/0.8.1
Done: Jakub Wilk <jwilk@debian.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, jwilk@debian.org: Bug#730691; Package adequate. (Thu, 28 Nov 2013 09:57:06 GMT)
Message #3 received at submit@bugs.debian.org:
Package: adequate
Version: 0.4
Severity: serious
Tags: security
Justification: user security hole
If root uses the --user option, then the user can hijack the tty with the TIOCSTI ioctl.
This is similar to CVE-2005-4890.
--
Jakub Wilk
Added tag(s) pending. Request was from Jakub Wilk <jwilk@debian.org> to control@bugs.debian.org. (Thu, 28 Nov 2013 10:21:09 GMT)
Information forwarded to debian-bugs-dist@lists.debian.org, Jakub Wilk <jwilk@debian.org>: Bug#730691; Package adequate. (Fri, 29 Nov 2013 08:27:04 GMT)
Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>: Extra info received and forwarded to list. Copy sent to Jakub Wilk <jwilk@debian.org>. (Fri, 29 Nov 2013 08:27:04 GMT)
Message #10 received at 730691@bugs.debian.org:
Control: retitle -1 adequate: CVE-2013-6409: privilege escalation via tty hijacking
Hi Jakub,
On Thu, Nov 28, 2013 at 10:53:13AM +0100, Jakub Wilk wrote:
> Package: adequate
> Version: 0.4
> Severity: serious
> Tags: security
> Justification: user security hole
>
> If root uses the --user option, then the user can hijack the tty
> with the TIOCSTI ioctl.
>
> This is similar to CVE-2005-4890.
I have requested a CVE for this. CVE-2013-6409 was assigned for it.
Regards,
Salvatore
Changed Bug title to 'adequate: CVE-2013-6409: privilege escalation via tty hijacking' from 'adequate: privilege escalation via tty hijacking'. Request was from Salvatore Bonaccorso <carnil@debian.org> to 730691-submit@bugs.debian.org. (Fri, 29 Nov 2013 08:27:04 GMT)
Reply sent to Jakub Wilk <jwilk@debian.org>: You have taken responsibility. (Fri, 29 Nov 2013 09:21:10 GMT)
Notification sent to Jakub Wilk <jwilk@debian.org>: Bug acknowledged by developer. (Fri, 29 Nov 2013 09:21:10 GMT)
Message #17 received at 730691-close@bugs.debian.org:
Source: adequate
Source-Version: 0.8.1
We believe that the bug you reported is fixed in the latest version of
adequate, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 730691@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jakub Wilk <jwilk@debian.org> (supplier of updated adequate package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Thu, 28 Nov 2013 11:27:21 +0100
Source: adequate
Binary: adequate
Architecture: source all
Version: 0.8.1
Distribution: unstable
Urgency: medium
Maintainer: Jakub Wilk <jwilk@debian.org>
Changed-By: Jakub Wilk <jwilk@debian.org>
Description:
adequate - Debian package quality testing tool
Closes: 730691
Changes:
 adequate (0.8.1) unstable; urgency=medium
 .
   * Fix possible privilege escalation via tty hijacking (closes: #730691).
     + Switch users only when running ldd.
     + Run ldd with stdin redirected to /dev/null, and without controlling terminal when run with reduced privileges.
   * Bump standards version to 3.9.5 (no changes needed).
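The mitigation the 0.8.1 changelog describes (switch users only for the ldd child, give it /dev/null on stdin, and run it without a controlling terminal), written out as an added Python example; this is not adequate's own code, and the function names run_unprivileged, child_can_open_controlling_tty and child_stdin_is_empty are my own. On Linux the kernel refuses TIOCSTI unless the tty is the caller's controlling terminal (or the caller has CAP_SYS_ADMIN), which is why putting the child in its own session is the decisive part of the fix.

```python
import pwd
import subprocess
from typing import Optional, Sequence

# Added example in the spirit of the adequate 0.8.1 changelog, not adequate's
# own code. The child gets /dev/null on stdin, pipes on stdout/stderr and its
# own session (setsid), so it never holds our tty as its controlling terminal.
# Linux refuses TIOCSTI with EPERM unless the tty is the caller's controlling
# terminal (or the caller has CAP_SYS_ADMIN), so setsid() defeats the injection;
# the redirections additionally keep tty descriptors out of the child.


def run_unprivileged(argv: Sequence[str], user: Optional[str] = None,
                     timeout: float = 60.0) -> subprocess.CompletedProcess:
    """Run argv detached from our terminal, optionally as another user.

    Privileges are dropped for this one child only (gid, empty supplementary
    groups, uid), matching "switch users only when running ldd"; the caller
    stays root. user=/group=/extra_groups= need Python 3.9+.
    """
    kwargs = {}
    if user is not None:  # only root can switch users; otherwise raises
        pw = pwd.getpwnam(user)
        kwargs.update(user=pw.pw_uid, group=pw.pw_gid, extra_groups=[])
    return subprocess.run(
        list(argv),
        stdin=subprocess.DEVNULL,   # fd 0 is not the tty
        stdout=subprocess.PIPE,     # fd 1 is not the tty
        stderr=subprocess.PIPE,     # fd 2 is not the tty
        close_fds=True,             # nothing else leaks in
        start_new_session=True,     # setsid(): no controlling terminal
        timeout=timeout,
        text=True,
        **kwargs,
    )


def child_can_open_controlling_tty(user: Optional[str] = None) -> bool:
    """Probe: open("/dev/tty") fails (ENXIO) when there is no controlling tty."""
    return run_unprivileged(["sh", "-c", ": </dev/tty"], user=user).returncode == 0


def child_stdin_is_empty(user: Optional[str] = None) -> bool:
    """Probe: with /dev/null on stdin the child sees EOF at once."""
    r = run_unprivileged(["cat"], user=user)
    return r.returncode == 0 and r.stdout == ""
```

Calling run_unprivileged(["ldd", path], user=name) from a root process reproduces the shape of the fixed call; the two probe functions let you confirm on your own system that the child can neither reach the controlling terminal nor read from it.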
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 02 Jan 2014 07:32:14 GMT)
Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:14:01 2019; Machine Name: buxtehude
Debian Bug tracking system. Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.