Debian Bug report logs -
#858872
eject: CVE-2017-6964: dmcrypt-get-device does not check the return values of setuid() or setgid()
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 28 Mar 2017 04:18:02 UTC
Severity: grave
Tags: patch, security
Found in version eject/2.1.5+deb1+cvs20081104-13
Fixed in versions eject/2.1.5+deb1+cvs20081104-13.2, eject/2.1.5+deb1+cvs20081104-13.1+deb8u1
Done: Salvatore Bonaccorso <carnil@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Frank Lichtenheld <djpig@debian.org>:
Bug#858872; Package src:eject.
(Tue, 28 Mar 2017 04:18:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Frank Lichtenheld <djpig@debian.org>.
(Tue, 28 Mar 2017 04:18:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Source: eject
Version: 2.1.5+deb1+cvs20081104-13
Severity: grave
Tags: patch security
Hi,
the following vulnerability was published for eject.
CVE-2017-6964[0]:
| dmcrypt-get-device, as shipped in the eject package of Debian and
| Ubuntu, does not check the return value of the (1) setuid or (2) setgid
| function, which might cause dmcrypt-get-device to execute code, which
| was intended to run as an unprivileged user, as root. This affects
| eject through 2.1.5+deb1+cvs20081104-13.1 on Debian, eject before
| 2.1.5+deb1+cvs20081104-13.1ubuntu0.16.10.1 on Ubuntu 16.10, eject
| before 2.1.5+deb1+cvs20081104-13.1ubuntu0.16.04.1 on Ubuntu 16.04 LTS,
| eject before 2.1.5+deb1+cvs20081104-13.1ubuntu0.14.04.1 on Ubuntu 14.04
| LTS, and eject before 2.1.5+deb1+cvs20081104-9ubuntu0.1 on Ubuntu 12.04
| LTS.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-6964
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6964
I prepared an update for sid, which I will attack as debdiff here as
soon I have the bug number.
Regards,
Salvatore
Information forwarded
to debian-bugs-dist@lists.debian.org, Frank Lichtenheld <djpig@debian.org>:
Bug#858872; Package src:eject.
(Tue, 28 Mar 2017 04:30:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Frank Lichtenheld <djpig@debian.org>.
(Tue, 28 Mar 2017 04:30:03 GMT) (full text, mbox, link).
Message #10 received at 858872@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Control: tags -1 + patch
Attached debdiff for sid. Same will go for jessie-security.
Regards,
Salvatore
[eject_2.1.5+deb1+cvs20081104-13.2.debdiff (text/plain, attachment)]
Reply sent
to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility.
(Tue, 28 Mar 2017 04:51:03 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer.
(Tue, 28 Mar 2017 04:51:03 GMT) (full text, mbox, link).
Message #15 received at 858872-close@bugs.debian.org (full text, mbox, reply):
Source: eject
Source-Version: 2.1.5+deb1+cvs20081104-13.2
We believe that the bug you reported is fixed in the latest version of
eject, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 858872@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated eject package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 28 Mar 2017 06:22:15 +0200
Source: eject
Binary: eject eject-udeb
Architecture: source
Version: 2.1.5+deb1+cvs20081104-13.2
Distribution: unstable
Urgency: high
Maintainer: Frank Lichtenheld <djpig@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 858872
Description:
eject - ejects CDs and operates CD-Changers under Linux
eject-udeb - ejects CDs from d-i menu (udeb)
Changes:
eject (2.1.5+deb1+cvs20081104-13.2) unstable; urgency=high
.
* Non-maintainer upload.
* CVE-2017-6964: Check the return values when dropping privileges
(Closes: #858872)
Package-Type: udeb
Checksums-Sha1:
fa67abbb1b80373788f7f9c12fa59b605f6214d0 2236 eject_2.1.5+deb1+cvs20081104-13.2.dsc
1f800c4ce68c31afc025960ab5a694e732d85df6 140465 eject_2.1.5+deb1+cvs20081104-13.2.diff.gz
Checksums-Sha256:
e48be81468b2b97a9bfa5e308d29f780e5a50ef9bc672142e3302fd98e40066f 2236 eject_2.1.5+deb1+cvs20081104-13.2.dsc
22451a0479d9aeec204af73477df2963714551d86376d02758b57bdb1eadf4e8 140465 eject_2.1.5+deb1+cvs20081104-13.2.diff.gz
Files:
ed78e5069a0b4285684cd20fcd0030bd 2236 utils optional eject_2.1.5+deb1+cvs20081104-13.2.dsc
9a93b86cbad5dfdd424bd2875bcf2cda 140465 utils optional eject_2.1.5+deb1+cvs20081104-13.2.diff.gz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAljZ6lBfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EcNMP/1E9BL+KDciWF3uqoXD3zSrPafc8prgk
gTnxflNmRNIF4ON8AYXyIqZM/cibJPz2Fz6FZahvnJzzclO5RUkA+AhJekl+vnwa
dr0m/2rU363E2zuEBmyusJyNFXgBgaw/l/W2r308Pmpg6DvBDcjs+MryPjTlrGdd
RrEGfw6CakKFVcURzDiFwbPTRUcJv790e8II99/bPLfSbxM5rkRaYoq012JnEO3s
LCR7qeOINB6q1Sl1/9/8rPxz9h8ZsWWA+XXNYcuNK4pLrEUD4k5tcDciqaiszu6a
Nf9/z6itn5h6T+HsHziTBBo/uCxW1T2/XqqI9OI9cqUvYqy7Yts9lAp1yOAvcxHz
9LHDMdhf67T2PRirxQTVl4RI5GdqAARtmbnugY2Taax0FkN3kSzO+oPGdzJ0IwEO
c8AyHKqpaZoEF6N2jBGyjlUkBv0V/mqnbR2hMCNzJIv3RLqavfjwrcjAuBz+w4ar
S0dnC/oyyxjm6UEYKEVs6iGUHJKQWTA3MUHEo0GY4AYW75QV0oMOgLwdy+pJh4VG
RiNKaiXbTG3I74alR+1esM+u3C4OK4OhUDCq/c2Nh5yNVJbcRyKiokFg0VRvPG1w
siMHfY7cLzC5WVVkttiw+zq3+TCVXRzcxWYLw1ocUsCR+c8EM4XmIUiiVtceTiha
dvcbeYwlhVPk
=J/iW
-----END PGP SIGNATURE-----
Reply sent
to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility.
(Thu, 30 Mar 2017 19:51:07 GMT) (full text, mbox, link).
Notification sent
to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer.
(Thu, 30 Mar 2017 19:51:07 GMT) (full text, mbox, link).
Message #20 received at 858872-close@bugs.debian.org (full text, mbox, reply):
Source: eject
Source-Version: 2.1.5+deb1+cvs20081104-13.1+deb8u1
We believe that the bug you reported is fixed in the latest version of
eject, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 858872@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated eject package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 28 Mar 2017 06:58:03 +0200
Source: eject
Binary: eject eject-udeb
Architecture: source
Version: 2.1.5+deb1+cvs20081104-13.1+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Frank Lichtenheld <djpig@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 858872
Description:
eject - ejects CDs and operates CD-Changers under Linux
eject-udeb - ejects CDs from d-i menu (udeb)
Changes:
eject (2.1.5+deb1+cvs20081104-13.1+deb8u1) jessie-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2017-6964: Check the return values when dropping privileges
(Closes: #858872)
Package-Type: udeb
Checksums-Sha1:
721f5bec97aaa0047ac59d4ea58756ac79598208 2264 eject_2.1.5+deb1+cvs20081104-13.1+deb8u1.dsc
02d4ee28eca087d4dada24d31cb3db97de7438f0 120658 eject_2.1.5+deb1+cvs20081104.orig.tar.gz
d18466ffcfd954cbe883e89f1b449c5d3355de78 140573 eject_2.1.5+deb1+cvs20081104-13.1+deb8u1.diff.gz
Checksums-Sha256:
de29507139b05a0d705b7d7432eb231ca29470726b62925db9cdb1091df5e231 2264 eject_2.1.5+deb1+cvs20081104-13.1+deb8u1.dsc
f5c457b92d7bfc20924ebdc8515661222b40e036eae6e2fada4220d47884e9c1 120658 eject_2.1.5+deb1+cvs20081104.orig.tar.gz
0085e7a025b27bf4e6585fd297bd245941dbd67c2c30899e3f19833e4d61ad55 140573 eject_2.1.5+deb1+cvs20081104-13.1+deb8u1.diff.gz
Files:
4a30de258f017cf5ceac9d9e9fb48a54 2264 utils optional eject_2.1.5+deb1+cvs20081104-13.1+deb8u1.dsc
20c77cab9012d3961243e39b3af87562 120658 utils optional eject_2.1.5+deb1+cvs20081104.orig.tar.gz
11dfa1d2ebfb16d9d7554964e734f706 140573 utils optional eject_2.1.5+deb1+cvs20081104-13.1+deb8u1.diff.gz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAljZ7xVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EzBIP/3JEWC/j6prRgku5ciAjZTWtkVrpRVU4
lXVljXl9LOxEZJyGDghPm7z0dYY2r5RfjnXthAXIRM9dyxhPLgIn7NbKDSb6Htii
LmZIPQjJw9plh4zaKLrrp8Ofi2OW7PQExHzUNlNKl/cCgC+/r1CEICR7Zxvs4klF
H95GJTygP1uPpoaz3jpOlrC/5Q/NvoS/b9bLEKamtVA4PQ7QPVbZVFT0opofbFGB
s6spkvb5A2UIjzf9v/bUNg7nIECatvesiHP49P+q5SzJVSr0IG25qCoQ8Ijuu6rr
BwrNyXLoZNzh/XA/pzfhdTrzvFAnJYiajYeS7Zp0wzxYq9rzxev6bjs+394k0NgX
G8D+8juWjogJJU8EfT6ekGIWZTCLxQYUpodTrsQtjwat+COmeZBRnhfWG8RJaadM
3BRd9ea1i/iPlIuPdfhoDbopBtYrbeoKJ6XslHVeXeCnPDGM8NIPkh+c/SlJBzcB
LR6IAcNQIaPoqiTrozFArRLUkxB90bDtFn4sGstg1YoVaJkP4lV5hMu3kBWHSCJz
IevjgWrkaNo35QRqSeFKRDOnpEtQGr3deC4EnirdJ077d0zRWkaokPRBUF8mbeNP
Vr59HJfskDLtEPQ6W7AE5ORWU/FRClS49hMYMlhZuNdWDlWu5UQQ4aJpiNY9pYFb
2cXz1cBkzXOL
=s9n0
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sun, 07 May 2017 07:30:35 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 18:16:20 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon