Debian Bug report logs -
#547011
Insecure temporary file name in iscsi_discovery
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Wed, 16 Sep 2009 20:15:11 UTC
Severity: grave
Tags: patch, security
Fixed in versions open-iscsi/2.0.871-1, open-iscsi/2.0.870~rc3-0.4.1
Done: Ritesh Raj Sarraf <rrs@researchut.com>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Philipp Hug <debian@hug.cx>
:
Bug#547011
; Package open-iscsi
.
(Wed, 16 Sep 2009 20:15:14 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@debian.org>
:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Philipp Hug <debian@hug.cx>
.
(Wed, 16 Sep 2009 20:15:15 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: open-iscsi
Severity: important
Tags: security
The following report was send to us by Kees Cook, this is CVE-2009-1297.
There are currently more important issues scheduled for DSAs, please fix
this one by preparing an update for the next stable point update. Etch
is not affected.
Cheers,
Moritz
Colin Watson reported the following bug:
https://launchpad/bugs/408915
The iscsi_discovery shell script, typically run as root, contains the
following code:
df=/tmp/discovered.$$
dbg "starting discovery to $ip"
iscsiadm -m discovery --type sendtargets --portal ${ip}:${port} > ${df}
This is a standard security vulnerability and should be replaced by use of
mktemp or shell variables.
The proposed patch is attached.
diff -u open-iscsi-2.0.870.1/utils/iscsi_discovery open-iscsi-2.0.870.1/utils/iscsi_discovery
--- open-iscsi-2.0.870.1/utils/iscsi_discovery
+++ open-iscsi-2.0.870.1/utils/iscsi_discovery
@@ -128,24 +128,22 @@
connected=0
discovered=0
- df=/tmp/discovered.$$
dbg "starting discovery to $ip"
- iscsiadm -m discovery --type sendtargets --portal ${ip}:${port} > ${df}
- while read portal target
+ disc="$(iscsiadm -m discovery --type sendtargets --portal ${ip}:${port})"
+ echo "${disc}" | while read portal target
do
portal=${portal%,*}
select_transport
- done < ${df}
+ done
- discovered=$(cat ${df} | wc -l)
+ discovered=$(echo "${disc}" | wc -l)
if [ ${discovered} = 0 ]; then
echo "failed to discover targets at ${ip}"
exit 2
else
echo "discovered ${discovered} targets at ${ip}"
fi
- /bin/rm -f ${df}
}
try_login()
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.30-1-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
Versions of packages open-iscsi depends on:
ii libc6 2.9-26 GNU C Library: Shared libraries
open-iscsi recommends no packages.
open-iscsi suggests no packages.
Severity set to 'grave' from 'important'
Request was from Moritz Muehlenhoff <jmm@debian.org>
to control@bugs.debian.org
.
(Wed, 02 Dec 2009 21:21:12 GMT) (full text, mbox, link).
Added tag(s) patch.
Request was from Guido Günther <agx@sigxcpu.org>
to control@bugs.debian.org
.
(Sat, 23 Jan 2010 16:33:04 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Philipp Hug <debian@hug.cx>
:
Bug#547011
; Package open-iscsi
.
(Sat, 23 Jan 2010 17:15:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Guido Günther <agx@sigxcpu.org>
:
Extra info received and forwarded to list. Copy sent to Philipp Hug <debian@hug.cx>
.
(Sat, 23 Jan 2010 17:15:02 GMT) (full text, mbox, link).
Message #14 received at 547011@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Dear maintainer,
I've prepared an NMU for open-iscsi (versioned as 2.0.870~rc3-0.6) and
uploaded it to DELAYED/05. Please feel free to tell me if I
should delay it longer.
Regards.
-- Guido
[open-iscsi-2.0.870~rc3-0.6-nmu.diff (text/x-diff, attachment)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Philipp Hug <debian@hug.cx>
:
Bug#547011
; Package open-iscsi
.
(Wed, 03 Feb 2010 16:33:08 GMT) (full text, mbox, link).
Acknowledgement sent
to Stefano Zacchiroli <zack@debian.org>
:
Extra info received and forwarded to list. Copy sent to Philipp Hug <debian@hug.cx>
.
(Wed, 03 Feb 2010 16:33:08 GMT) (full text, mbox, link).
Message #19 received at 547011@bugs.debian.org (full text, mbox, reply):
On Sat, Jan 23, 2010 at 06:12:19PM +0100, Guido Günther wrote:
> I've prepared an NMU for open-iscsi (versioned as 2.0.870~rc3-0.6) and
> uploaded it to DELAYED/05. Please feel free to tell me if I
> should delay it longer.
Heya Guido,
what happened to this NMU? I can't see it in DELAYED [1], and while it
should have expired about a week ago, it has not yet hit the archive:
zack@usha:~$ rmadison open-iscsi
open-iscsi | 2.0.730-1 | etch-m68k | source, m68k
open-iscsi | 2.0.730-1etch4 | oldstable | source, alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
open-iscsi | 2.0.870~rc3-0.4 | stable | source, alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
open-iscsi | 2.0.870~rc3-0.5 | testing | source, amd64, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
open-iscsi | 2.0.870~rc3-0.5 | unstable | source, alpha, amd64, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
nor it is in NEW.
Did you perhaps forget to upload? In that case let us know, so that
someone else with catch up, thanks to your patch :-)
Cheers.
[1] http://ftp-master.debian.org/deferred.html
--
Stefano Zacchiroli -o- PhD in Computer Science \ PostDoc @ Univ. Paris 7
zack@{upsilon.cc,pps.jussieu.fr,debian.org} -<>- http://upsilon.cc/zack/
Dietro un grande uomo c'è ..| . |. Et ne m'en veux pas si je te tutoie
sempre uno zaino ...........| ..: |.... Je dis tu à tous ceux que j'aime
Information forwarded
to debian-bugs-dist@lists.debian.org, Philipp Hug <debian@hug.cx>
:
Bug#547011
; Package open-iscsi
.
(Wed, 03 Feb 2010 17:06:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Guido Günther <agx@sigxcpu.org>
:
Extra info received and forwarded to list. Copy sent to Philipp Hug <debian@hug.cx>
.
(Wed, 03 Feb 2010 17:06:03 GMT) (full text, mbox, link).
Message #24 received at 547011@bugs.debian.org (full text, mbox, reply):
On Wed, Feb 03, 2010 at 05:25:46PM +0100, Stefano Zacchiroli wrote:
> On Sat, Jan 23, 2010 at 06:12:19PM +0100, Guido Günther wrote:
> > I've prepared an NMU for open-iscsi (versioned as 2.0.870~rc3-0.6) and
> > uploaded it to DELAYED/05. Please feel free to tell me if I
> > should delay it longer.
>
> Heya Guido,
> what happened to this NMU? I can't see it in DELAYED [1], and while it
> should have expired about a week ago, it has not yet hit the archive:
>
> zack@usha:~$ rmadison open-iscsi
> open-iscsi | 2.0.730-1 | etch-m68k | source, m68k
> open-iscsi | 2.0.730-1etch4 | oldstable | source, alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
> open-iscsi | 2.0.870~rc3-0.4 | stable | source, alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
> open-iscsi | 2.0.870~rc3-0.5 | testing | source, amd64, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
> open-iscsi | 2.0.870~rc3-0.5 | unstable | source, alpha, amd64, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
>
> nor it is in NEW.
>
> Did you perhaps forget to upload? In that case let us know, so that
> someone else with catch up, thanks to your patch :-)
It got lintian autorejected due to a statically linked binary. We're
currently preparing a new upload including a new upstream version and a
new maintainer:
http://git.debian.org/?p=pkg-iscsi/open-iscsi.git;a=summary
Should be done in a couple of days.
Cheers,
-- Guido
Added tag(s) pending.
Request was from Ritesh Raj Sarraf <rrs@researchut.com>
to control@bugs.debian.org
.
(Tue, 09 Feb 2010 19:06:08 GMT) (full text, mbox, link).
Bug closed, send any further explanations to Moritz Muehlenhoff <jmm@debian.org>
Request was from Ritesh Raj Sarraf <rrs@researchut.com>
to control@bugs.debian.org
.
(Wed, 10 Feb 2010 04:06:02 GMT) (full text, mbox, link).
Bug Marked as fixed in versions open-iscsi/2.0.871-1.
Request was from Ritesh Raj Sarraf <rrs@researchut.com>
to control@bugs.debian.org
.
(Tue, 16 Feb 2010 10:21:15 GMT) (full text, mbox, link).
Reply sent
to Ritesh Raj Sarraf <rrs@researchut.com>
:
You have taken responsibility.
(Fri, 05 Mar 2010 19:54:12 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@debian.org>
:
Bug acknowledged by developer.
(Fri, 05 Mar 2010 19:54:12 GMT) (full text, mbox, link).
Message #35 received at 547011-close@bugs.debian.org (full text, mbox, reply):
Source: open-iscsi
Source-Version: 2.0.870~rc3-0.4.1
We believe that the bug you reported is fixed in the latest version of
open-iscsi, which is due to be installed in the Debian FTP archive:
open-iscsi_2.0.870~rc3-0.4.1.diff.gz
to main/o/open-iscsi/open-iscsi_2.0.870~rc3-0.4.1.diff.gz
open-iscsi_2.0.870~rc3-0.4.1.dsc
to main/o/open-iscsi/open-iscsi_2.0.870~rc3-0.4.1.dsc
open-iscsi_2.0.870~rc3-0.4.1_amd64.deb
to main/o/open-iscsi/open-iscsi_2.0.870~rc3-0.4.1_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 547011@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ritesh Raj Sarraf <rrs@researchut.com> (supplier of updated open-iscsi package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 04 Mar 2010 14:20:24 +0530
Source: open-iscsi
Binary: open-iscsi
Architecture: source amd64
Version: 2.0.870~rc3-0.4.1
Distribution: stable
Urgency: low
Maintainer: Philipp Hug <debian@hug.cx>
Changed-By: Ritesh Raj Sarraf <rrs@researchut.com>
Description:
open-iscsi - High performance, transport independent iSCSI implementation
Closes: 547011
Changes:
open-iscsi (2.0.870~rc3-0.4.1) stable; urgency=low
.
* Fix CVE-2009-1297 (Closes: #547011) - thanks to Colin Watson for
the patch
Checksums-Sha1:
4d8d74235dc6ac11740fbccf1591e001e9c2c942 1771 open-iscsi_2.0.870~rc3-0.4.1.dsc
5e746bf8e45c334ca7f6d3377843a3c539211821 9547 open-iscsi_2.0.870~rc3-0.4.1.diff.gz
82db06f93ac59237010a0e08832cd7d3a4e1dc42 599844 open-iscsi_2.0.870~rc3-0.4.1_amd64.deb
Checksums-Sha256:
e77bc6e1d0f226cf4968c799779f2f139eea2637c09cda1c68a357694f910f3f 1771 open-iscsi_2.0.870~rc3-0.4.1.dsc
ffef33589ce5c4d1c6bbfd738583afc704e151efd2fe6d491445a2edbf754f09 9547 open-iscsi_2.0.870~rc3-0.4.1.diff.gz
c1008850038c9dfbc3c1fbdd2a64514d3241a7bdfefea3276ea40501d4cab790 599844 open-iscsi_2.0.870~rc3-0.4.1_amd64.deb
Files:
71875da184e07dc6aed20387f468dcd5 1771 net optional open-iscsi_2.0.870~rc3-0.4.1.dsc
956fafb452dffd4dba550513aabfcddb 9547 net optional open-iscsi_2.0.870~rc3-0.4.1.diff.gz
cff6a39ee79a1aacd3a4b2c553480481 599844 net optional open-iscsi_2.0.870~rc3-0.4.1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQIcBAEBCgAGBQJLkNUGAAoJEKY6WKPy4XVpQMkP/3szpx6zgfP7NaRBdGKqfj76
dubLttCQyl4tVJ9y7MbBC6kHAZk6l57eYLJmIJPD3p4R1S6cEtUobcGNrrEbvTnK
VC8Ee1WU6ssI1LOk6ASI4K6sZI2eVkqaCP5IT0GQdyTtLBkXwmNRJB3kCSFS8zyk
CDzy0xrGBye8yFxm1LWm5GadhrHPwOfpaKEicYQOnxqPEGzcG5lLjJyyqfM1BbUO
nMPn5pH+XUOPO4NorzOwYBrPuInPa+y1eftQfvc/npa2J8wZqJ+0fCYRv2pGdO7m
Qi+EGVPJYkF8BmAurlHUPFrQrRE7bBQF2TM+jEhYU/d2EMwQ/7xIrgmYZFKP25XT
q8FyhtVK5Ro55QlomwSyZlE0dLeA/q7BDTGe1v9tFfmYv2+yy/0pSOiEa5uJEXZ+
d4w72HZW00JVv1+rM9gLUpSvfocb9DUbYaS7ErgQjNoMK+kM9nxSNhVxXWpMGHuY
nLNOrMg9BfLe9nSmFasJbvdr0nLwr6uR+0QdlM31pcdjoajMRUoKWk7u6MX0PDRo
sN/KsaIfK40l3KWK69UIWENTHT8t03nLBruXVb+P/CH8aWsaoI7eDWLSNLKz9Xa0
JdVNTmULKUVct5JqlmPq5b+hjtWeg5yyaYT7m/BW6UUZ/2jw/5yko6QZaH/LHVtV
fdqi/cMWYL1l+uHRIHeY
=s5rC
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Sun, 27 Jun 2010 07:32:00 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 19:07:23 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.