CVE-2006-7221: fsplib off-by-one in namelen

Debian Bug report logs - #437710
CVE-2006-7221: fsplib off-by-one in namelen

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Kees Cook <kees@outflux.net>

To: Debian Bugs <submit@bugs.debian.org>

Subject: CVE-2006-7221: fsplib off-by-one in namelen

Date: Mon, 13 Aug 2007 12:34:32 -0700

[Message part 1 (text/plain, inline)]

Package: gftp
Version: 2.0.18-16
Severity: important
Tags: patch, security

gftp seems vulnerable to CVE-2006-7221:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7221

"Multiple off-by-one errors in fsplib.c in fsplib before 0.8 allow
attackers to cause a denial of service via unspecified vectors involving
the (1) name and (2) d_name entry attributes."

Attached patch includes the upstream fsplib changes.

-- 
Kees Cook                                            @outflux.net

[gftp-fsplib.diff (text/x-diff, attachment)]

Message #10 received at 437710@bugs.debian.org (full text, mbox, reply):

From: Nico Golde <nion@debian.org>

To: 437710@bugs.debian.org

Subject: Re: CVE-2006-7221: fsplib off-by-one in namelen

Date: Sat, 8 Dec 2007 15:58:14 +0100

[Message part 1 (text/plain, inline)]

Hi,
any news on this?
Aurélien this is open for quite some time now without any 
action. I am going to upload an NMU for gftp if nothing will 
happen in the next week :)
Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

[Message part 2 (application/pgp-signature, inline)]

Message #15 received at 437710@bugs.debian.org (full text, mbox, reply):

From: Aurélien GÉRÔME <ag@roxor.cx>

To: Nico Golde <nion@debian.org>, 437710@bugs.debian.org

Subject: Re: Bug#437710: CVE-2006-7221: fsplib off-by-one in namelen

Date: Sun, 9 Dec 2007 02:40:21 +0100

[Message part 1 (text/plain, inline)]

Hi,

On Sat, Dec 08, 2007 at 03:58:14PM +0100, Nico Golde wrote:
>any news on this?

Yes, I thought at one time about uploading the current SVN, but I
came to the conclusion that it would be better in experimental until
an official release comes.

>Aurélien this is open for quite some time now without any 
>action. I am going to upload an NMU for gftp if nothing will 
>happen in the next week :)

Thanks, I will upload it today or tomorrow with the DM-super-cow-powers
enabled. Therefore I will no longer have an excuse for not uploading
sooner. :]

Cheers,
-- 
 .''`.   Aurélien GÉRÔME
: :'  :
`. `'`   Free Software Developer
  `-     Unix Sys & Net Admin

[signature.asc (application/pgp-signature, inline)]

Message #20 received at 437710@bugs.debian.org (full text, mbox, reply):

From: Nico Golde <nion@debian.org>

To: 437710@bugs.debian.org

Subject: Re: Bug#437710: CVE-2006-7221: fsplib off-by-one in namelen

Date: Sun, 9 Dec 2007 12:34:04 +0100

[Message part 1 (text/plain, inline)]

Hi Aurélien,
* Aurélien GÉRÔME <ag@roxor.cx> [2007-12-09 11:52]:
> On Sat, Dec 08, 2007 at 03:58:14PM +0100, Nico Golde wrote:
> >any news on this?
> 
> Yes, I thought at one time about uploading the current SVN, but I
> came to the conclusion that it would be better in experimental until
> an official release comes.

Ok.

> >Aurélien this is open for quite some time now without any 
> >action. I am going to upload an NMU for gftp if nothing will 
> >happen in the next week :)
> 
> Thanks, I will upload it today or tomorrow with the DM-super-cow-powers
> enabled. Therefore I will no longer have an excuse for not uploading
> sooner. :]

Cool, thank you!
Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

[Message part 2 (application/pgp-signature, inline)]

Message #25 received at 437710-close@bugs.debian.org (full text, mbox, reply):

From: Aurélien GÉRÔME <ag@roxor.cx>

To: 437710-close@bugs.debian.org

Subject: Bug#437710: fixed in gftp 2.0.18-17

Date: Sun, 09 Dec 2007 19:32:17 +0000

Source: gftp
Source-Version: 2.0.18-17

We believe that the bug you reported is fixed in the latest version of
gftp, which is due to be installed in the Debian FTP archive:

gftp-common_2.0.18-17_i386.deb
  to pool/main/g/gftp/gftp-common_2.0.18-17_i386.deb
gftp-gtk_2.0.18-17_i386.deb
  to pool/main/g/gftp/gftp-gtk_2.0.18-17_i386.deb
gftp-text_2.0.18-17_i386.deb
  to pool/main/g/gftp/gftp-text_2.0.18-17_i386.deb
gftp_2.0.18-17.diff.gz
  to pool/main/g/gftp/gftp_2.0.18-17.diff.gz
gftp_2.0.18-17.dsc
  to pool/main/g/gftp/gftp_2.0.18-17.dsc
gftp_2.0.18-17_all.deb
  to pool/main/g/gftp/gftp_2.0.18-17_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 437710@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurélien GÉRÔME <ag@roxor.cx> (supplier of updated gftp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 09 Dec 2007 19:13:40 +0100
Source: gftp
Binary: gftp gftp-text gftp-common gftp-gtk
Architecture: source i386 all
Version: 2.0.18-17
Distribution: unstable
Urgency: medium
Maintainer: Aurélien GÉRÔME <ag@roxor.cx>
Changed-By: Aurélien GÉRÔME <ag@roxor.cx>
Description: 
 gftp       - X/GTK+ FTP client
 gftp-common - shared files for other gFTP packages
 gftp-gtk   - X/GTK+ FTP client
 gftp-text  - colored FTP client using GLib
Closes: 437710
Changes: 
 gftp (2.0.18-17) unstable; urgency=medium
 .
   * Remove Aurélien Jarno from the Uploaders field, as he no longer
     wants to be involved. Thanks for your work until now!
   * Bump Standards-Version to 3.7.3.
   * Add the Homepage field and remove it from the long description.
   * Add the Vcs-Git/Vcs-Browser fields.
   * Add the XS-DM-Upload-Allowed field.
   * Fix CVE-2006-7221: multiple off-by-one errors in fsplib.
     (Closes: #437710)
   * Fix lintian warning "debian-rules-ignores-make-clean-error
     line 48".
   * Fix lintian warnings "substvar-source-version-is-deprecated gftp",
     "substvar-source-version-is-deprecated gftp-gtk", and
     "substvar-source-version-is-deprecated gftp-text".
     + Use suitable ${source:Version} and ${binary:Version} variables.
   * Fix lintian warning "desktop-command-not-in-package
     /usr/share/applications/gftp.desktop gftp".
     + Use gftp-gtk instead.
   * Fix lintian warning "desktop-entry-invalid-category Application
     /usr/share/applications/gftp.desktop".
     + Remove Application category.
   * Fix lintian warning "menu-item-uses-apps-section
     /usr/share/menu/gftp-gtk:6" and "menu-item-creates-new-section
     Apps/Net /usr/share/menu/gftp-gtk:6".
     + Replace Apps/Net by Applications/Network/File Transfer.
   * Remove unused ${misc:Depends} variables from debian/control.
   * Remove unused debhelper tools from debian/rules.
   * Add debian/watch.
Files: 
 ecf396417bebd843b40f0a56171782c0 840 net optional gftp_2.0.18-17.dsc
 7e5538cb308af7a5ca1a5b1e71ca05c3 988042 net optional gftp_2.0.18-17.diff.gz
 2087d5c8a1311e2b53d68007ff35b624 45946 net optional gftp_2.0.18-17_all.deb
 bc8ef82364c7a81f9dce0de79f005b1d 274694 net optional gftp-gtk_2.0.18-17_i386.deb
 ee3db4f2a11d759aea8ba7180a21cc27 122276 net optional gftp-text_2.0.18-17_i386.deb
 ce6c17de2aa1844d307ecb6e0110286d 730002 net optional gftp-common_2.0.18-17_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHXD6NHYflSXNkfP8RAkm4AJsEY8/YcmCr8l7bQh+8InXQVbr4VgCaAnLV
Cxjgdsuxw4BM0eTGaUspy2Y=
=aQ2J
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.