Your message dated Thu, 3 Feb 2005 16:31:31 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#293423: security bugs (perlsuid & PERLIO_DEBUG:
CAN-2005-0155, CAN-2005-0156)
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 3 Feb 2005 08:44:21 +0000
>From [EMAIL PROTECTED] Thu Feb 03 00:44:21 2005
Return-path: <[EMAIL PROTECTED]>
Received: from office-gw.westend.com (xeniac.intern) [212.117.64.2]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Cwcb7-0007SC-00; Thu, 03 Feb 2005 00:44:21 -0800
Received: by xeniac.intern (Postfix, from userid 1000)
id 0D7BF3700B5; Thu, 3 Feb 2005 09:44:14 +0100 (CET)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Christian Hammers <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: security bugs (perlsuid & PERLIO_DEBUG: CAN-2005-0155, CAN-2005-0156)
X-Mailer: reportbug 3.2
Date: Thu, 03 Feb 2005 09:44:13 +0100
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Package: perl
Version: 5.8.4-5
Severity: critical
Tags: security
Hello
Quoting Ubuntu USN-72-1:
===========================================================
Ubuntu Security Notice USN-72-1 February 02, 2005
perl vulnerabilities
CAN-2005-0155, CAN-2005-0156
===========================================================
...
Two exploitable vulnerabilities involving setuid-enabled perl scripts
have been discovered. The package "perl-suid" provides a wrapper
around perl which allows to use setuid-root perl scripts, i.e.
user-callable Perl scripts which have full root privileges.
Previous versions allowed users to overwrite arbitrary files by
setting the PERLIO_DEBUG environment variable and calling an arbitrary
setuid-root perl script. The file that PERLIO_DEBUG points to was then
overwritten by Perl debug messages. This did not allow precise control
over the file content, but could destroy important data. PERLIO_DEBUG
is now ignored for setuid scripts. (CAN-2005-0155)
In addition, calling a setuid-root perl script with a very long path
caused a buffer overflow if PERLIO_DEBUG was set. This buffer overflow
could be exploited to execute arbitrary files with full root
privileges. (CAN-2005-0156)
bye,
-christian-
---------------------------------------
Received: (at 293423-done) by bugs.debian.org; 3 Feb 2005 21:29:08 +0000
>From [EMAIL PROTECTED] Thu Feb 03 13:29:08 2005
Return-path: <[EMAIL PROTECTED]>
Received: from kitenet.net [64.62.161.42] (postfix)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1CwoXE-0001aC-00; Thu, 03 Feb 2005 13:29:08 -0800
Received: from dragon.kitenet.net (unknown [66.168.94.144])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(Client CN "Joey Hess", Issuer "Joey Hess" (verified OK))
by kitenet.net (Postfix) with ESMTP id 992EA17DD4
for <[EMAIL PROTECTED]>; Thu, 3 Feb 2005 21:29:07 +0000 (GMT)
Received: by dragon.kitenet.net (Postfix, from userid 1000)
id 36B1C6E316; Thu, 3 Feb 2005 16:31:32 -0500 (EST)
Date: Thu, 3 Feb 2005 16:31:31 -0500
From: Joey Hess <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: Bug#293423: security bugs (perlsuid & PERLIO_DEBUG: CAN-2005-0155,
CAN-2005-0156)
Message-ID: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="QKdGvSO+nmPlgiQ/"
Content-Disposition: inline
In-Reply-To: <[EMAIL PROTECTED]>
User-Agent: Mutt/1.5.6+20040907i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
--QKdGvSO+nmPlgiQ/
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Christian Hammers wrote:
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
> Ubuntu Security Notice USN-72-1 February 02, 2005
> perl vulnerabilities
> CAN-2005-0155, CAN-2005-0156
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
These were already fixed in perl 5.8.4-6.
--=20
see shy jo
--QKdGvSO+nmPlgiQ/
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFCApgzd8HHehbQuO8RAvDHAKCScIDqL82y3V3avAzgkknPPbP7mgCgpuZS
Y7weBebKc3oG1ffSgVA++qM=
=8xCE
-----END PGP SIGNATURE-----
--QKdGvSO+nmPlgiQ/--
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
