Package: freeradius-dialupadmin; Maintainer for freeradius-dialupadmin is (unknown);
Reported by: "Dmitry E. Oboukhov" <dimka@uvw.ru>
Date: Sun, 24 Aug 2008 18:10:19 UTC
Severity: grave
Tags: security
Fixed in version freeradius/2.0.4+dfsg-6
Done: Stephen Gran <sgran@debian.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, Stephen Gran <sgran@debian.org>: Bug#496389; Package freeradius-dialupadmin.
Acknowledgement sent to "Dmitry E. Oboukhov" <dimka@uvw.ru>: New Bug report received and forwarded. Copy sent to Stephen Gran <sgran@debian.org>.
Message #5 received at submit@bugs.debian.org:
Package: freeradius-dialupadmin
Severity: grave

Hi, maintainer!

This message about the error concerns a few packages at once. I've tested all the packages (for Lenny) on my Debian mirror. All scripts of packages (marked as executable) were tested.

In some packages I've discovered scripts with errors which may be used by a user for damaging important system files or user's files. For example, if a script uses in its work a temp file which is created in the /tmp directory, then every user can create a symlink with the same name in this directory in order to destroy or rewrite some system or user file. A symlink attack may lead not only to data destruction but to denial of service as well.

Even if you create files or directories with the help of the function 'RANDOM' or pid(), then your system is not protected. An attacker can create many symlinks in order to destroy your data or create a 'denial of service' for your package scripts.

Even if you make rm(dir) for files/directories, then your system is not protected. An attacker can permanently create symlinks.

This list is created with the help of a script. This list is sorted by hand. However, in some cases a mistake is possible. Please be understanding of possible mistakes. :)

I set Severity to grave for this bug.

The table of discovered problems is below.
You can see discussion of this bug in debian-devel@: http://lists.debian.org/debian-devel/2008/08/msg00271.html

Binary-package: r-base-core-ra (1.1.1-1)
  file: /usr/lib/Ra/lib/R/bin/javareconf
Binary-package: rccp (0.9-2)
  file: /usr/lib/rccp/delqueueask
Binary-package: mafft (6.240-1)
  file: /usr/bin/mafft-homologs
Binary-package: openoffice.org-common (1:2.4.1-6)
  file: /usr/lib/openoffice/program/senddoc
Binary-package: crossfire-maps (1.11.0-1)
  file: /usr/share/games/crossfire/maps/Info/combine.pl
Binary-package: sgml2x (1.0.0-11.1)
  file: /usr/bin/rlatex
Binary-package: liguidsoap (0.3.6-4)
  file: /var/lib/liguidsoap/liguidsoap.py
Binary-package: citadel-server (7.37-1)
  file: /usr/lib/citadel-server/migrate_aliases.sh
Binary-package: ampache (3.4.1-1)
  file: /usr/share/ampache/www/locale/base/gather-messages.sh
Binary-package: xen-utils-3.2-1 (3.2.1-2)
  file: /usr/lib/xen-3.2-1/bin/qemu-dm.debug
Binary-package: dtc-common (0.29.6-1)
  file: /usr/share/dtc/admin/accesslog.php
  file: /usr/share/dtc/admin/sa-wrapper
Binary-package: honeyd-common (1.5c-3)
  file: /usr/share/honeyd/scripts/test.sh
Binary-package: lustre-tests (1.6.5-1)
  file: /usr/lib/lustre/tests/runiozone
Binary-package: linuxtrade (3.65-8+b4)
  file: /usr/share/linuxtrade/bin/linuxtrade.bwkvol
  file: /usr/share/linuxtrade/bin/linuxtrade.wn
  file: /usr/share/linuxtrade/bin/moneyam.helper
Binary-package: freevo (1.8.1-0)
  file: /usr/bin/freevo.real
Binary-package: fml (4.0.3.dfsg-2)
  file: /usr/share/fml/libexec/mead.pl
Binary-package: rkhunter (1.3.2-3)
  file: /usr/bin/rkhunter
Binary-package: openswan (1:2.4.12+dfsg-1.1)
  file: /usr/lib/ipsec/livetest
Binary-package: linux-patch-openswan (1:2.4.12+dfsg-1.1)
  file: /usr/src/kernel-patches/all/openswan/packaging/utils/maysnap
  file: /usr/src/kernel-patches/all/openswan/packaging/utils/maytest
Binary-package: aptoncd (0.1-1.1)
  file: /usr/share/aptoncd/xmlfile.py
Binary-package: cdcontrol (1.90-1.1)
  file: /usr/lib/cdcontrol/writtercontrol
Binary-package: newsgate (1.6-23)
  file: /usr/bin/mkmailpost
Binary-package: gpsdrive-scripts (2.10~pre4-3)
  file: /usr/bin/geo-code
Binary-package: impose+ (0.2-11)
  file: /usr/bin/impose
Binary-package: mgt (2.31-5)
  file: /usr/games/mailgo
Binary-package: audiolink (0.05-1)
  file: /usr/bin/audiolink
Binary-package: ibackup (2.27-4.1)
  file: /usr/bin/ibackup
Binary-package: emacspeak (26.0-3)
  file: /usr/share/emacs/site-lisp/emacspeak/etc/extract-table.pl
Binary-package: bk2site (1:1.1.9-3.1)
  file: /usr/lib/cgi-bin/bk2site/redirect.pl
Binary-package: datafreedom-perl (0.1.7-1)
  file: /usr/bin/dfxml-invoice
Binary-package: emacs-jabber (0.7.91-1)
  file: /usr/lib/emacsen-common/packages/install/emacs-jabber
Binary-package: lmbench (3.0-a7-1)
  file: /usr/lib/lmbench/scripts/rccs
  file: /usr/lib/lmbench/scripts/STUFF
Binary-package: rancid-util (2.3.2~a8-1)
  file: /var/lib/rancid/getipacctg
Binary-package: ogle (0.9.2-5.2)
  file: /usr/lib/ogle/ogle_audio_debug
  file: /usr/lib/ogle/ogle_cli_debug
  file: /usr/lib/ogle/ogle_ctrl_debug
  file: /usr/lib/ogle/ogle_gui_debug
  file: /usr/lib/ogle/ogle_mpeg_ps_debug
  file: /usr/lib/ogle/ogle_mpeg_vs_debug
  file: /usr/lib/ogle/ogle_nav_debug
  file: /usr/lib/ogle/ogle_vout_debug
Binary-package: firehol (1.256-4)
  file: /sbin/firehol
Binary-package: aview (1.3.0rc1-8)
  file: /usr/bin/asciiview
Binary-package: radiance (3R9+20080530-3)
  file: /usr/bin/optics2rad
  file: /usr/bin/pdelta
  file: /usr/bin/dayfact
  file: /usr/bin/raddepend
Binary-package: vdr-dbg (1.6.0-5)
  file: /usr/bin/vdrleaktest
Binary-package: ogle-mmx (0.9.2-5.2)
  file: /usr/lib/ogle/ogle_audio_debug
  file: /usr/lib/ogle/ogle_cli_debug
  file: /usr/lib/ogle/ogle_ctrl_debug
  file: /usr/lib/ogle/ogle_gui_debug
  file: /usr/lib/ogle/ogle_mpeg_ps_debug
  file: /usr/lib/ogle/ogle_mpeg_vs_debug
  file: /usr/lib/ogle/ogle_nav_debug
  file: /usr/lib/ogle/ogle_vout_debug
Binary-package: convirt (0.8.2-3)
  file: /usr/share/convirt/image_store/_template_/provision.sh
  file: /usr/share/convirt/image_store/Linux_CD_Install/provision.sh
  file: /usr/share/convirt/image_store/Fedora_PV_Install/provision.sh
  file: /usr/share/convirt/image_store/CentOS_PV_Install/provision.sh
  file: /usr/share/convirt/image_store/common/provision.sh
  file: /usr/share/convirt/image_store/example/provision.sh
  file: /usr/share/convirt/image_store/Windows_CD_Install/provision.sh
Binary-package: printfilters-ppd (2.13-9)
  file: /usr/lib/printfilters/master-filter
Binary-package: r-base-core (2.7.1-1)
  file: /usr/lib/R/bin/javareconf
  file: /usr/lib/R/bin/javareconf.orig
Binary-package: xmcd (2.6-19.3)
  file: /usr/share/xmcd/scripts/ncsarmt
  file: /usr/share/xmcd/scripts/ncsawrap
Binary-package: tiger (1:3.2.2-3.1)
  file: /usr/lib/tiger/util/genmsgidx
Binary-package: scilab-bin (4.1.2-5)
  file: /usr/lib/scilab-4.1.2/bin/scilink
  file: /usr/lib/scilab-4.1.2/util/scidoc
  file: /usr/lib/scilab-4.1.2/util/scidem
Binary-package: dpkg-cross (2.3.0)
  file: /usr/share/dpkg-cross/bin/gccross
Binary-package: ltp-network-test (20060918-2.1)
  file: /usr/lib/debian-test/tests/linux/testcases/bin/ftp_setup_vsftp_conf
  file: /usr/lib/debian-test/tests/linux/testcases/bin/nfs_fsstress.sh
Binary-package: cman (2.20080629-1)
  file: /usr/sbin/fence_egenera
Binary-package: scratchbox2 (1.99.0.24-1)
  file: /usr/share/scratchbox2/scripts/dpkg-checkbuilddeps
  file: /usr/share/scratchbox2/scripts/sb2-check-pkg-mappings
Binary-package: sendmail-base (8.14.3-5)
  file: /usr/sbin/checksendmail
  file: /usr/bin/expn
Binary-package: fwbuilder (2.1.19-3)
  file: /usr/bin/fwb_install
Binary-package: sng (1.0.2-5)
  file: /usr/bin/sng_regress
Binary-package: dist (1:3.5-17-1)
  file: /usr/bin/patcil
  file: /usr/bin/patdiff
Binary-package: sympa (5.3.4-5)
  file: /usr/lib/cgi-bin/sympa/wwsympa.fcgi
  file: /usr/lib/sympa/bin/sympa.pl
Binary-package: postfix (2.5.2-2)
  file: /usr/lib/postfix_groups.pl
Binary-package: caudium (3:1.4.12-11)
  file: /usr/share/caudium/configvar
Binary-package: mgetty-fax (1.1.36-1.2)
  file: /usr/bin/faxspool
Binary-package: aegis (4.24-3)
  file: /usr/share/doc/aegis/examples/remind/bng_dvlpd.sh
  file: /usr/share/doc/aegis/examples/remind/bng_rvwd.sh
  file: /usr/share/doc/aegis/examples/remind/awt_dvlp.sh
  file: /usr/share/doc/aegis/examples/remind/awt_intgrtn.sh
Binary-package: aegis-web (4.24-3)
  file: /usr/lib/cgi-bin/aegis.cgi
Binary-package: digitaldj (0.7.5-6+b1)
  file: /usr/share/digitaldj/fest.pl
Binary-package: mon (0.99.2-12)
  file: /usr/lib/mon/alert.d/test.alert
Binary-package: feta (1.4.16)
  file: /usr/share/feta/plugins/to-upgrade
Binary-package: arb-common (0.0.20071207.1-4)
  file: /usr/lib/arb/SH/arb_fastdnaml
  file: /usr/lib/arb/SH/dszmconnect.pl
Binary-package: qemu (0.9.1-5)
  file: /usr/sbin/qemu-make-debian-root
Binary-package: apertium (3.0.7+1-1+b1)
  file: /usr/bin/apertium-gen-deformat
  file: /usr/bin/apertium-gen-reformat
  file: /usr/bin/apertium
Binary-package: xcal (4.1-18.3)
  file: /usr/bin/pscal
Binary-package: myspell-tools (1:3.1-20)
  file: /usr/bin/i2myspell
Binary-package: gccxml (0.9.0+cvs20080525-1)
  file: /usr/share/gccxml-0.9/MIPSpro/find_flags
Binary-package: freeradius-dialupadmin (2.0.4+dfsg-4)
  file: /usr/share/freeradius-dialupadmin/bin/backup_radacct
  file: /usr/share/freeradius-dialupadmin/bin/clean_radacct
  file: /usr/share/freeradius-dialupadmin/bin/monthly_tot_stats
  file: /usr/share/freeradius-dialupadmin/bin/tot_stats
  file: /usr/share/freeradius-dialupadmin/bin/truncate_radacct
Binary-package: dhis-server (5.3-1)
  file: /usr/lib/dhis-server/dhis-dummy-log-engine
Binary-package: wims (3.62-13)
  file: /var/lib/wims/public_html/bin/coqweb
  file: /var/lib/wims/bin/account.sh
Binary-package: initramfs-tools (0.92f)
  file: /usr/share/initramfs-tools/init
Binary-package: realtimebattle-common (1.0.8-7)
  file: /usr/lib/realtimebattle/Robots/perl.robot
Binary-package: netmrg (0.20-1)
  file: /usr/bin/rrdedit
Binary-package: bulmages-servers (0.11.1-2)
  file: /usr/share/bulmages/examples/scripts/actualizabulmacont
  file: /usr/share/bulmages/examples/scripts/installbulmages-db
  file: /usr/share/bulmages/examples/scripts/creabulmafact
  file: /usr/share/bulmages/examples/scripts/creabulmacont
  file: /usr/share/bulmages/examples/scripts/actualizabulmafact
Binary-package: xastir (1.9.2-1)
  file: /usr/lib/xastir/get-maptools.sh
  file: /usr/lib/xastir/get_shapelib.sh
Binary-package: plait (1.5.2-1)
  file: /usr/bin/plaiter
  file: /usr/bin/plait
Binary-package: cdrw-taper (0.4-2)
  file: /usr/sbin/amlabel-cdrw
Binary-package: konwert-filters (1.8-11.1)
  file: /usr/share/konwert/filters/any-UTF8
Binary-package: gdrae (0.1-1)
  file: /usr/bin/gdrae
Binary-package: lazarus-src (0.9.24-0-9)
  file: /usr/lib/lazarus/tools/install/create_lazarus_export_tgz.sh
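The symlink attack the report describes, run against the exact `open TMP, ">/tmp/clean_radacct.query"` pattern the dialupadmin scripts used, next to the File::Temp pattern the thread's patch switches to. This is an added example, not code from the bug report, the freeradius package or the attached patch. It assumes a POSIX filesystem with symlink support and runs entirely inside a scratch directory created with `tempdir`, which stands in for /tmp; the "victim" file and the query text are constructed for the demo.

```perl
#!/usr/bin/perl
# Added example, not part of the bug report or the freeradius package.
# Everything happens under a private scratch directory that stands in for
# /tmp, so nothing on the real system is touched; the "victim" file and the
# query text are constructed for the demo.
use strict;
use warnings;
use File::Temp qw(tempfile tempdir);

my $fake_tmp = tempdir(CLEANUP => 1);            # stands in for /tmp
my $victim   = "$fake_tmp/victim.conf";          # stands in for a system file
write_file($victim, "important=1\n");

# Attacker's step: the cron job is known to write the fixed name
# /tmp/clean_radacct.query, so a local user plants a symlink there first.
my $predictable = "$fake_tmp/clean_radacct.query";
symlink $victim, $predictable or die "symlink: $!";

# Pre-patch pattern: open(">path") follows the symlink and truncates
# whatever it points at, which here is the victim file.
vulnerable_write($predictable, "DELETE FROM radacct WHERE AcctStopTime IS NULL;\n");
my $after = read_file($victim);
die "expected the victim to be clobbered" if $after eq "important=1\n";
print "victim file was overwritten through the symlink:\n$after";

# Post-patch pattern: File::Temp picks a random name and opens it with
# O_CREAT|O_EXCL and mode 0600, so a pre-planted symlink at that name makes
# the open fail instead of being followed. UNLINK => 1 removes the file at
# exit, which the patch in this thread does not do.
my $safe = safe_write($fake_tmp, "DELETE FROM radacct WHERE AcctStopTime IS NULL;\n");
die "temp file is a symlink" if -l $safe;
printf "safe temp file %s created with mode %04o\n", $safe, (stat $safe)[2] & 07777;

sub vulnerable_write {
    my ($path, $query) = @_;
    open my $tmp, '>', $path or die "Could not open tmp file\n";
    print $tmp $query;
    close $tmp;
}

sub safe_write {
    my ($dir, $query) = @_;
    my ($fh, $name) = tempfile("radacct.XXXXXXXX", DIR => $dir, UNLINK => 1);
    print $fh $query;
    close $fh;
    return $name;
}

sub write_file { my ($p, $s) = @_; open my $h, '>', $p or die "$p: $!"; print $h $s; close $h }
sub read_file  { my ($p) = @_; open my $h, '<', $p or die "$p: $!"; local $/; my $s = <$h>; close $h; $s }
```

The reporter's point about `$$` or `RANDOM` in the name is that the attacker does not need to guess one name: pre-creating many candidate links, or racing between the script's existence check and its open, still wins against any open that follows symlinks. `tempfile` avoids the race by never separating the name choice from the exclusive create.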
Information forwarded to debian-bugs-dist@lists.debian.org: Bug#496389; Package freeradius-dialupadmin.
Acknowledgement sent to Stephen Gran <sgran@debian.org>: Extra info received and forwarded to list.
Message #10 received at 496389@bugs.debian.org:

This one time, at band camp, Dmitry E. Oboukhov said:
> Hi, maintainer!
>
> This message about the error concerns a few packages at once. I've
> tested all the packages (for Lenny) on my Debian mirror. All scripts
> of packages (marked as executable) were tested.

So, what is the error that is grave that I'm supposed to correct?
-- 
Stephen Gran | sgran@debian.org | Debian user, admin, and developer | http://www.debian.org
Tags added: Request was from "Dmitry E. Oboukhov" <dimka@uvw.ru> to control@bugs.debian.org. (Tue, 26 Aug 2008 08:45:31 GMT)
Tags added: security. Request was from "Dmitry E. Oboukhov" <dimka@uvw.ru> to control@bugs.debian.org. (Tue, 26 Aug 2008 08:57:21 GMT)
Reply sent to Stephen Gran <sgran@debian.org>: You have taken responsibility.
Notification sent to "Dmitry E. Oboukhov" <dimka@uvw.ru>: Bug acknowledged by developer.
Message #19 received at 496389-close@bugs.debian.org:
Source: freeradius
Source-Version: 2.0.4+dfsg-6

We believe that the bug you reported is fixed in the latest version of freeradius, which is due to be installed in the Debian FTP archive:

freeradius-common_2.0.4+dfsg-6_all.deb to pool/main/f/freeradius/freeradius-common_2.0.4+dfsg-6_all.deb
freeradius-dbg_2.0.4+dfsg-6_amd64.deb to pool/main/f/freeradius/freeradius-dbg_2.0.4+dfsg-6_amd64.deb
freeradius-dialupadmin_2.0.4+dfsg-6_all.deb to pool/main/f/freeradius/freeradius-dialupadmin_2.0.4+dfsg-6_all.deb
freeradius-iodbc_2.0.4+dfsg-6_amd64.deb to pool/main/f/freeradius/freeradius-iodbc_2.0.4+dfsg-6_amd64.deb
freeradius-krb5_2.0.4+dfsg-6_amd64.deb to pool/main/f/freeradius/freeradius-krb5_2.0.4+dfsg-6_amd64.deb
freeradius-ldap_2.0.4+dfsg-6_amd64.deb to pool/main/f/freeradius/freeradius-ldap_2.0.4+dfsg-6_amd64.deb
freeradius-mysql_2.0.4+dfsg-6_amd64.deb to pool/main/f/freeradius/freeradius-mysql_2.0.4+dfsg-6_amd64.deb
freeradius-postgresql_2.0.4+dfsg-6_amd64.deb to pool/main/f/freeradius/freeradius-postgresql_2.0.4+dfsg-6_amd64.deb
freeradius-utils_2.0.4+dfsg-6_amd64.deb to pool/main/f/freeradius/freeradius-utils_2.0.4+dfsg-6_amd64.deb
freeradius_2.0.4+dfsg-6.diff.gz to pool/main/f/freeradius/freeradius_2.0.4+dfsg-6.diff.gz
freeradius_2.0.4+dfsg-6.dsc to pool/main/f/freeradius/freeradius_2.0.4+dfsg-6.dsc
freeradius_2.0.4+dfsg-6_amd64.deb to pool/main/f/freeradius/freeradius_2.0.4+dfsg-6_amd64.deb
libfreeradius-dev_2.0.4+dfsg-6_amd64.deb to pool/main/f/freeradius/libfreeradius-dev_2.0.4+dfsg-6_amd64.deb
libfreeradius2_2.0.4+dfsg-6_amd64.deb to pool/main/f/freeradius/libfreeradius2_2.0.4+dfsg-6_amd64.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 496389@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp. Stephen Gran <sgran@debian.org> (supplier of updated freeradius package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 25 Aug 2008 14:18:48 +0100
Source: freeradius
Binary: freeradius freeradius-common freeradius-utils freeradius-krb5 freeradius-ldap freeradius-mysql freeradius-iodbc freeradius-postgresql libfreeradius2 libfreeradius-dev freeradius-dialupadmin freeradius-dbg
Architecture: source amd64 all
Version: 2.0.4+dfsg-6
Distribution: unstable
Urgency: low
Maintainer: Stephen Gran <sgran@debian.org>
Changed-By: Stephen Gran <sgran@debian.org>
Description:
 freeradius - a high-performance and highly configurable RADIUS server
 freeradius-common - FreeRadius common files
 freeradius-dbg - a high-performance and highly configurable RADIUS server; debug s
 freeradius-dialupadmin - set of PHP scripts for administering a FreeRADIUS server
 freeradius-iodbc - iODBC module for FreeRADIUS server
 freeradius-krb5 - kerberos module for FreeRADIUS server
 freeradius-ldap - LDAP module for FreeRADIUS server
 freeradius-mysql - MySQL module for FreeRADIUS server
 freeradius-postgresql - PostgreSQL module for FreeRADIUS server
 freeradius-utils - FreeRadius client utilities
 libfreeradius-dev - FreeRADIUS shared library development files
 libfreeradius2 - FreeRADIUS shared library
Closes: 496389
Changes:
 freeradius (2.0.4+dfsg-6) unstable; urgency=low
 .
* Fix unsafe use of tempfile (closes: #496389) Checksums-Sha1: da7a4c961ad498d75025d0756361f076a7169b19 1476 freeradius_2.0.4+dfsg-6.dsc 2feea2570ac4aa7e86622a6dd629a40961e22780 4860 freeradius_2.0.4+dfsg-6.diff.gz da302199e6ab84b930a0e8c9db540eab1da64dae 513730 freeradius_2.0.4+dfsg-6_amd64.deb 4d9aca1c723df137e82f589d2893ac32f0c3ca8e 75148 freeradius-utils_2.0.4+dfsg-6_amd64.deb c52b5ceb1ecb036841da0ec1556f81970765cfa0 18320 freeradius-krb5_2.0.4+dfsg-6_amd64.deb cd2ffb449cb2d3f31f99b0232e8e2cd3f744ad56 35810 freeradius-ldap_2.0.4+dfsg-6_amd64.deb 330e1c8f05d9c88728fede09e976997b92fb11cc 24938 freeradius-mysql_2.0.4+dfsg-6_amd64.deb cc5b30a26027778588615386a71f97fc9cfb205a 17592 freeradius-iodbc_2.0.4+dfsg-6_amd64.deb c4c1f36f5ba5e0e52a6e78b55f2e409e9e867323 37508 freeradius-postgresql_2.0.4+dfsg-6_amd64.deb 9c26a1327f1f1610da38426298b52868f8b1235c 81292 libfreeradius2_2.0.4+dfsg-6_amd64.deb 3cac5bd67859cfd43e0ba21987299bd48b8e5fb0 103662 libfreeradius-dev_2.0.4+dfsg-6_amd64.deb de8b63ef2b86d92d1a3bf3436b4776a8d7a3be33 841770 freeradius-dbg_2.0.4+dfsg-6_amd64.deb e41c229f282b5b0098178f2523fb5a04b2400cec 203976 freeradius-common_2.0.4+dfsg-6_all.deb 3d93c707dcc2ebb7e91b414ef280f036cc3a9b59 130028 freeradius-dialupadmin_2.0.4+dfsg-6_all.deb Checksums-Sha256: b733fb660bad436d49ef6c5dd64e439b5759f0407dd280d143e0f49d173a587e 1476 freeradius_2.0.4+dfsg-6.dsc 354ab8f92c3dd692d81a26d6da802435e359a84f320c07dd6e0dc6fb69214aa6 4860 freeradius_2.0.4+dfsg-6.diff.gz 1db7a600861f63d715f091f45e79fbf3e43df0181863f03623ed0950a3f16678 513730 freeradius_2.0.4+dfsg-6_amd64.deb 5be3515ed70467d2c7b3eba973cad9d9f14ddb6a3aac3dc46048ae8887a36caa 75148 freeradius-utils_2.0.4+dfsg-6_amd64.deb c8fab3e15fbfb0edb21d59b2eae7af5d112f156d1c76a7c6170823aacaf4b067 18320 freeradius-krb5_2.0.4+dfsg-6_amd64.deb c766f888f247f69dab5abfa808561cb3c30ef60d8731ba23914faed2860a243e 35810 freeradius-ldap_2.0.4+dfsg-6_amd64.deb ca877a168e09b65e7de0a269e45006398254653810b189e7fd8ecedab117a47e 24938 
freeradius-mysql_2.0.4+dfsg-6_amd64.deb 6ecd71d3f9784ff408bfaf8f9bac833243e2745256073e9134060e0e8057b5c7 17592 freeradius-iodbc_2.0.4+dfsg-6_amd64.deb 326c3550d60fb08e26414b1de64ca0ed410118c6a0e9a7024906d0b9c1ae21f1 37508 freeradius-postgresql_2.0.4+dfsg-6_amd64.deb f920f86c737d6945aad0548e5d6bf8ac76e83ea582eaded71e4932bccdb7413d 81292 libfreeradius2_2.0.4+dfsg-6_amd64.deb e276d29af6b6f789fd83661840211fbe6d5c096ce963ba596cf5491a813e672a 103662 libfreeradius-dev_2.0.4+dfsg-6_amd64.deb 428a66167a15e587eaf54b0aa9ccf76238ad45d4d4d04a77bf887db0c016bf7d 841770 freeradius-dbg_2.0.4+dfsg-6_amd64.deb d1f4d3654e232b6117b9f8922a2f96f71591a40c05f07aa41bf3f7a15b312805 203976 freeradius-common_2.0.4+dfsg-6_all.deb d1974c63371efa15098c79a2752a4b37b3168e5c8a074f5675c25a3210083261 130028 freeradius-dialupadmin_2.0.4+dfsg-6_all.deb Files: 4f277e4a228c12d8b33b00662def93a6 1476 net optional freeradius_2.0.4+dfsg-6.dsc dfa7b1ae63bc33add3a2bd892fd858d0 4860 net optional freeradius_2.0.4+dfsg-6.diff.gz eda4234d5944a235884f3226e0e24135 513730 net optional freeradius_2.0.4+dfsg-6_amd64.deb 6dbaf43f148495d723ea1df56b3d9c0f 75148 net optional freeradius-utils_2.0.4+dfsg-6_amd64.deb 97718d885d682e550e949cfd729563b4 18320 net optional freeradius-krb5_2.0.4+dfsg-6_amd64.deb 6edea391aea9d934282e9f6c5259614e 35810 net optional freeradius-ldap_2.0.4+dfsg-6_amd64.deb 10c7d123ffaddf41de388886f78b98cf 24938 net optional freeradius-mysql_2.0.4+dfsg-6_amd64.deb dfe7400a58a0d6a4c64a886c6335d54f 17592 net optional freeradius-iodbc_2.0.4+dfsg-6_amd64.deb 2aa09c0767dce7be1a5bc8afa95d3191 37508 net optional freeradius-postgresql_2.0.4+dfsg-6_amd64.deb 3a4d04c84c9c0fdb7bd531480a0616ce 81292 net optional libfreeradius2_2.0.4+dfsg-6_amd64.deb 3e3522453c9c0a60ceabfc6050fd524e 103662 libdevel optional libfreeradius-dev_2.0.4+dfsg-6_amd64.deb 6a2f4d404bb1cb30785885ce117d80e8 841770 net extra freeradius-dbg_2.0.4+dfsg-6_amd64.deb 91d6a4dd313a9778f0e90028cce71845 203976 net optional 
freeradius-common_2.0.4+dfsg-6_all.deb 36bc6d011428478a66689074c8d2df8f 130028 net optional freeradius-dialupadmin_2.0.4+dfsg-6_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkjEFD8ACgkQNIW6CNDsByMragCfec4xi/OlezWe57+S15fic4nK XEgAn23NESkKAFpRDWmNmr+WYTjkQZh4 =Xxtn -----END PGP SIGNATURE-----
Information forwarded to debian-bugs-dist@lists.debian.org, Stephen Gran <sgran@debian.org>: Bug#496389; Package freeradius-dialupadmin. (Thu, 09 Oct 2008 09:30:10 GMT)
Acknowledgement sent to Pavol Rusnak <prusnak@suse.cz>: Extra info received and forwarded to list. Copy sent to Stephen Gran <sgran@debian.org>. (Thu, 09 Oct 2008 09:30:10 GMT)
Message #24 received at 496389@bugs.debian.org:

According to the bug report 5 files should be fixed and only one is fixed. I'm attaching a patch that fixes another 4 in a similar fashion.
-- 
Best Regards / S pozdravom,
Pavol RUSNAK
SUSE LINUX, s.r.o, Package Maintainer
Lihovarska 1060/12, 19000 Praha 9, CR
PGP 0xA6917144
prusnak[at]suse.cz
http://www.suse.cz

Attachment: CVE-2008-4474.patch (text/x-patch)
--- dialup_admin/bin/clean_radacct +++ dialup_admin/bin/clean_radacct @@ -5,6 +5,7 @@ # Works with mysql and postgresql # use POSIX; +use File::Temp; $conf=shift||'/usr/share/dialup_admin/conf/admin.conf'; $back_days = 35; @@ -42,11 +43,10 @@ $query = "DELETE FROM $sql_accounting_table WHERE AcctStopTime IS NULL AND AcctStartTime < '$date';"; print "$query\n"; -open TMP, ">/tmp/clean_radacct.query" - or die "Could not open tmp file\n"; -print TMP $query; -close TMP; -$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database </tmp/clean_radacct.query" if ($sql_type eq 'mysql'); -$command = "$sqlcmd -U $sql_username -f /tmp/clean_radacct.query $sql_database" if ($sql_type eq 'pg'); -$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' </tmp/clean_radacct.query" if ($sql_type eq 'sqlrelay'); +my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n"; +print $fh $query; +close $fh; +$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql'); +$command = "$sqlcmd -U $sql_username -f $tmp_filename $sql_database" if ($sql_type eq 'pg'); +$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay'); `$command`; --- dialup_admin/bin/monthly_tot_stats +++ dialup_admin/bin/monthly_tot_stats @@ -1,5 +1,6 @@ #!/usr/bin/perl use POSIX; +use File::Temp; # Log in the mtotacct table aggregated accounting information for # each user spaning in one month period. 
@@ -51,14 +52,13 @@ AcctDate <= '$date_end' GROUP BY UserName,NASIPAddress;"; print "$query1\n"; print "$query2\n"; -open TMP, ">/tmp/tot_stats.query" - or die "Could not open tmp file\n"; -print TMP "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle'); -print TMP $query1; -print TMP $query2; -close TMP; -$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database </tmp/tot_stats.query" if ($sql_type eq 'mysql'); -$command = "$sqlcmd -U $sql_username -f /tmp/tot_stats.query $sql_database" if ($sql_type eq 'pg'); +my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n"; +print $fh "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle'); +print $fh $query1; +print $fh $query2; +close $fh; +$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql'); +$command = "$sqlcmd -U $sql_username -f $tmp_filename $sql_database" if ($sql_type eq 'pg'); $command = "$sqlcmd $sql_username/$pass" . "@" . "$sql_database <$tmpfile.$server" if ($sql_type eq 'oracle'); -$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' </tmp/tot_stats.query" if ($sql_type eq 'sqlrelay'); +$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay'); `$command`; --- dialup_admin/bin/tot_stats +++ dialup_admin/bin/tot_stats @@ -1,5 +1,6 @@ #!/usr/bin/perl use POSIX; +use File::Temp; # Log in the totacct table aggregated daily accounting information for # each user. 
@@ -48,14 +49,13 @@ AcctStopTime < '$date_end' GROUP BY UserName,NASIPAddress;"; print "$query1\n"; print "$query2\n"; -open TMP, ">/tmp/tot_stats.query" - or die "Could not open tmp file\n"; -print TMP "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle'); -print TMP $query1; -print TMP $query2; -close TMP; -$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database </tmp/tot_stats.query" if ($sql_type eq 'mysql'); -$command = "$sqlcmd -U $sql_username -f /tmp/tot_stats.query $sql_database" if ($sql_type eq 'pg'); +my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n"; +print $fh "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle'); +print $fh $query1; +print $fh $query2; +close $fh; +$command = "$sqlcmd -h $sql_server -u $sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql'); +$command = "$sqlcmd -U $sql_username -f $tmp_filename $sql_database" if ($sql_type eq 'pg'); $command = "$sqlcmd $sql_username/$pass" . "@" . "$sql_database <$tmpfile.$server" if ($sql_type eq 'oracle'); -$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' </tmp/tot_stats.query" if ($sql_type eq 'sqlrelay'); +$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay'); `$command`; --- dialup_admin/bin/truncate_radacct +++ dialup_admin/bin/truncate_radacct @@ -5,6 +5,7 @@ # Works with mysql and postgresql # use POSIX; +use File::Temp; $conf=shift||'/usr/share/dialup_admin/conf/admin.conf'; $back_days = 90; 
@@ -44,13 +45,12 @@ $query .= "DELETE FROM $sql_accounting_table WHERE AcctStopTime < '$date' AND AcctStopTime IS NOT NULL ;"; $query .= "UNLOCK TABLES;" if ($sql_type eq 'mysql'); print "$query\n"; -open TMP, ">/tmp/truncate_radacct.query" - or die "Could not open tmp file\n"; -print TMP "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle'); -print TMP $query; -close TMP; -$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database </tmp/truncate_radacct.query" if ($sql_type eq 'mysql'); -$command = "$sqlcmd -U $sql_username -f /tmp/truncate_radacct.query $sql_database" if ($sql_type eq 'pg'); +my ($fh, $tmp_filename) = tempfile() or die "Could not open tmp file\n"; +print $fh "ALTER SESSION SET NLS_TIMESTAMP_TZ_FORMAT='YYYY-MM-DD HH24:MI:SS.FF TZH:TZM';\n" if ($sql_type eq 'oracle'); +print $fh $query; +close $fh; +$command = "$sqlcmd -h$sql_server -u$sql_username $sql_password $sql_database < $tmp_filename" if ($sql_type eq 'mysql'); +$command = "$sqlcmd -U $sql_username -f $tmp_filename $sql_database" if ($sql_type eq 'pg'); $command = "$sqlcmd $sql_username/$pass" . "@" . "$sql_database <$tmpfile.$server" if ($sql_type eq 'oracle'); -$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' </tmp/truncate_radacct.query" if ($sql_type eq 'sqlrelay'); +$command = "$sqlcmd '$sql_server' '$sql_port' '' '$sql_username' '$sql_password' < $tmp_filename" if ($sql_type eq 'sqlrelay'); `$command`;
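Review bot: in the clean_radacct hunk the temp file is never removed, so every run leaves a file containing the DELETE statement behind in the temp directory; `tempfile()` hands back the name precisely so the caller can clean up. Use `my ($fh, $tmp_filename) = tempfile(UNLINK => 1);` (the file is unlinked at exit, after the synchronous backtick call has finished) or `unlink $tmp_filename;` after `` `$command`; ``. The `or die "Could not open tmp file\n"` on that line is dead code: File::Temp croaks on its own when it cannot create the file, and a list assignment in boolean context is true whenever tempfile returns its two values. The same applies to the other three hunks.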
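Review bot: the oracle branch in the monthly_tot_stats hunk is left reading from `$tmpfile.$server`, a path nothing in the hunk defines or writes (the unchanged line `$command = "$sqlcmd $sql_username/$pass" . "@" . "$sql_database <$tmpfile.$server" if ($sql_type eq 'oracle');`), while the oracle-only `ALTER SESSION` line and both queries are now written to `$tmp_filename`. Either redirect that line from `$tmp_filename` like the mysql, pg and sqlrelay lines, or drop the oracle write, since no oracle path reads it. The identical oracle lines in the tot_stats and truncate_radacct hunks have the same problem.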
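Review bot: the tot_stats hunk replaces the same fixed name, `/tmp/tot_stats.query`, that the monthly_tot_stats hunk also removes, so before this patch two overlapping runs of those two scripts could truncate or read each other's query file on top of the symlink issue; the per-process name from `tempfile()` closes that as well, and the changelog entry (`Fix unsafe use of tempfile`) should say so rather than describing only the symlink case.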
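Review bot: the truncate_radacct hunk interpolates `$tmp_filename` unquoted into a shell command string (`... $sql_database < $tmp_filename`); File::Temp places the file under File::Spec->tmpdir, which honours $TMPDIR, so a TMPDIR containing whitespace or shell metacharacters breaks the redirect. Quote it (`< '$tmp_filename'`) or open the file and feed it to the client without going through the shell. Since this bug is about local users, note also that the rewritten mysql line still passes `$sql_password` as a command-line argument, which `ps` exposes to every local user; that predates the patch but deserves a follow-up. The `# Works with mysql and postgresql` header kept in the context of this hunk and the clean_radacct hunk is stale too, as the code dispatches on oracle and sqlrelay as well.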
Information forwarded to debian-bugs-dist@lists.debian.org, Stephen Gran <sgran@debian.org>: Bug#496389; Package freeradius-dialupadmin. (Thu, 09 Oct 2008 10:15:02 GMT)
Acknowledgement sent to Pavol Rusnak <prusnak@suse.cz>: Extra info received and forwarded to list. Copy sent to Stephen Gran <sgran@debian.org>. (Thu, 09 Oct 2008 10:15:03 GMT)
Message #29 received at 496389@bugs.debian.org:

Stephen Gran wrote:
> Ah, fair enough. Somehow I missed them in the initial review, possibly
> because none of them were mentioned :/

Upstream bug: http://bugs.freeradius.org/show_bug.cgi?id=605
-- 
Best Regards / S pozdravom,
Pavol RUSNAK
SUSE LINUX, s.r.o, Package Maintainer
Lihovarska 1060/12, 19000 Praha 9, CR
PGP 0xA6917144
prusnak[at]suse.cz
http://www.suse.cz
Information forwarded to debian-bugs-dist@lists.debian.org: Bug#496389; Package freeradius-dialupadmin. (Thu, 09 Oct 2008 10:15:04 GMT)
Acknowledgement sent to Stephen Gran <sgran@debian.org>: Extra info received and forwarded to list. (Thu, 09 Oct 2008 10:15:04 GMT)
Message #34 received at 496389@bugs.debian.org:

This one time, at band camp, Pavol Rusnak said:
> According to bugreport 5 files should be fixed and only one is fixed.
> I'm attaching patch that fixes another 4 in similar fashion.

Ah, fair enough. Somehow I missed them in the initial review, possibly because none of them were mentioned :/

Cheers,
-- 
Stephen Gran | sgran@debian.org | Debian user, admin, and developer | http://www.debian.org
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 16 Mar 2009 10:28:49 GMT)