Your message dated Fri, 11 Apr 2008 19:52:26 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#448519: fixed in dspam 3.6.8-5etch1
has caused the Debian Bug report #448519,
regarding libdspam7-drv-mysql: CVE-2007-6418 cron job may disclose dspam
database password to users
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
448519: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=448519
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: libdspam7-drv-mysql
Version: 3.6.8-5
Severity: grave
Tags: security
Justification: user security hole
The cron job in /etc/cron.daily/libdspam7-drv-mysql calls mysql like
this:
/usr/bin/mysql --user=$MYSQL_USER --password=$MYSQL_PASS
This makes the database password of the dspam database user visible in
the command line, so users may see it using ps. A malicious local user
can use this to connect to the dspam database and read all recent mail of
dspam users. This bug is easily fixed by using a config file or
environment variable to pass the password to mysql.
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (990, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/dash
Kernel: Linux 2.6.18-5-k7
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Versions of packages libdspam7-drv-mysql depends on:
ii dbconfig-common 1.8.29+etch1 common framework for packaging dat
ii debconf [debconf-2.0] 1.5.11 Debian configuration management sy
ii libc6 2.3.6.ds1-13etch2 GNU C Library: Shared libraries
ii libdspam7 3.6.8-5 DSPAM is a scalable and statistica
ii libldap2 2.1.30-13.3 OpenLDAP libraries
ii libmysqlclient15off 5.0.32-7etch1 mysql database client library
ii mysql-client-5.0 [mysq 5.0.32-7etch1 mysql database client binaries
ii ucf 2.0020 Update Configuration File: preserv
ii zlib1g 1:1.2.3-13 compression library - runtime
Versions of packages libdspam7-drv-mysql recommends:
ii mysql-server-5.0 [mysql-se 5.0.32-7etch1 mysql database server binaries
-- debconf information excluded
--- End Message ---
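The report above describes the pattern (a secret in the mysql command line, readable by every local user through ps or /proc/PID/cmdline) and names the two ways to keep it out of argv: an option file or an environment variable. The following is an added example, not the Debian package's cron job or the patch referenced in the changelog below. It places the vulnerable invocation beside a hardened one that writes a mode-0600 defaults file and hands mysql only its path, plus a small check of the kind you would use to verify that the resulting argv no longer carries the password. The function names, the MYSQL_BIN override and the sample credentials are assumptions made for the example.

```shell
#!/bin/sh
# Added example: vulnerable vs. hardened mysql invocation from a root cron job.
# Assumes MYSQL_USER / MYSQL_PASS are read from a root-only config file before
# these functions are called; MYSQL_BIN exists only so the client can be swapped
# for a stub when checking the argv behaviour offline.

MYSQL_BIN="${MYSQL_BIN:-/usr/bin/mysql}"

# Vulnerable form (the one the bug report quotes): the password becomes part of
# the child's argument vector, which is world-readable on Linux.
run_purge_insecure() {
    user="$1"; pass="$2"; db="$3"; sqlfile="$4"
    "$MYSQL_BIN" --user="$user" --password="$pass" "$db" < "$sqlfile"
}

# Hardened form: credentials go into a temporary option file that mktemp
# creates with mode 0600 (owner-only), so argv carries only the file name.
# The file is removed as soon as the client exits.
run_purge_secure() {
    user="$1"; pass="$2"; db="$3"; sqlfile="$4"
    cnf="$(mktemp)" || return 1
    # Double quotes let the client parse passwords containing '#' or ';'.
    # Assumption: the password itself contains no '"' or '\' characters.
    printf '[client]\nuser=%s\npassword="%s"\n' "$user" "$pass" > "$cnf"
    "$MYSQL_BIN" --defaults-extra-file="$cnf" "$db" < "$sqlfile"
    rc=$?
    rm -f "$cnf"
    return $rc
}

# Check helper: given the secret and the argument string a child process was
# started with (what `ps -o args` would display), report whether the secret
# is visible. Returns 0 when it leaks, 1 when it does not.
argv_leaks_secret() {
    secret="$1"; shift
    case " $* " in
        *"$secret"*) return 0 ;;
        *) return 1 ;;
    esac
}
```

To exercise the two paths without a database, point MYSQL_BIN at a stub script that records its arguments, then feed the recorded argv to argv_leaks_secret: the insecure call is flagged, the defaults-file call is not. The environment-variable route the reporter also mentions (MYSQL_PWD) keeps the secret out of argv as well; on Linux /proc/PID/environ is readable only by the process owner, but the option file has the advantage of not being inherited by every child the script spawns.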
--- Begin Message ---
Source: dspam
Source-Version: 3.6.8-5etch1
We believe that the bug you reported is fixed in the latest version of
dspam, which is due to be installed in the Debian FTP archive:
dspam-doc_3.6.8-5etch1_all.deb
to pool/main/d/dspam/dspam-doc_3.6.8-5etch1_all.deb
dspam-webfrontend_3.6.8-5etch1_all.deb
to pool/main/d/dspam/dspam-webfrontend_3.6.8-5etch1_all.deb
dspam_3.6.8-5etch1.diff.gz
to pool/main/d/dspam/dspam_3.6.8-5etch1.diff.gz
dspam_3.6.8-5etch1.dsc
to pool/main/d/dspam/dspam_3.6.8-5etch1.dsc
dspam_3.6.8-5etch1_i386.deb
to pool/main/d/dspam/dspam_3.6.8-5etch1_i386.deb
libdspam7-dev_3.6.8-5etch1_i386.deb
to pool/main/d/dspam/libdspam7-dev_3.6.8-5etch1_i386.deb
libdspam7-drv-db4_3.6.8-5etch1_i386.deb
to pool/main/d/dspam/libdspam7-drv-db4_3.6.8-5etch1_i386.deb
libdspam7-drv-mysql_3.6.8-5etch1_i386.deb
to pool/main/d/dspam/libdspam7-drv-mysql_3.6.8-5etch1_i386.deb
libdspam7-drv-pgsql_3.6.8-5etch1_i386.deb
to pool/main/d/dspam/libdspam7-drv-pgsql_3.6.8-5etch1_i386.deb
libdspam7-drv-sqlite3_3.6.8-5etch1_i386.deb
to pool/main/d/dspam/libdspam7-drv-sqlite3_3.6.8-5etch1_i386.deb
libdspam7_3.6.8-5etch1_i386.deb
to pool/main/d/dspam/libdspam7_3.6.8-5etch1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thijs Kinkhorst <[EMAIL PROTECTED]> (supplier of updated dspam package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 17 Feb 2008 14:50:03 +0100
Source: dspam
Binary: libdspam7-dev libdspam7-drv-pgsql dspam libdspam7-drv-mysql dspam-webfrontend dspam-doc libdspam7-drv-db4 libdspam7 libdspam7-drv-sqlite3
Architecture: source i386 all
Version: 3.6.8-5etch1
Distribution: stable-security
Urgency: high
Maintainer: Debian DSPAM Maintainers <[EMAIL PROTECTED]>
Changed-By: Thijs Kinkhorst <[EMAIL PROTECTED]>
Description:
dspam - is a scalable, fast and statistical anti-spam filter
dspam-doc - Documentation for dspam
dspam-webfrontend - DSPAM is a scalable and statistical anti-spam filter
libdspam7 - DSPAM is a scalable and statistical anti-spam filter
libdspam7-dev - DSPAM is a scalable and statistical anti-spam filter
libdspam7-drv-db4 - DSPAM is a scalable and statistical anti-spam filter
libdspam7-drv-mysql - DSPAM is a scalable and statistical anti-spam filter
libdspam7-drv-pgsql - DSPAM is a scalable and statistical anti-spam filter
libdspam7-drv-sqlite3 - DSPAM is a scalable and statistical anti-spam filter
Closes: 448519
Changes:
dspam (3.6.8-5etch1) stable-security; urgency=high
.
* Non-maintainer upload by the security team.
* Fix leaking of the MySQL password of the dspam database in the
libdspam7-drv-mysql cronjob (CVE-2007-6418, closes: #448519).
Thanks Adrian Friedli for the patch.
Files:
aca91c929ec1c4e3f575e7e8eb37ba55 1425 mail optional dspam_3.6.8-5etch1.dsc
c4b1a7079690ee16d8b0f36b2a2a90a4 743275 mail optional dspam_3.6.8.orig.tar.gz
9e4fa44cfd9154eeea77a895d08e2952 53607 mail optional dspam_3.6.8-5etch1.diff.gz
b55be9404b573b18b0fc7c21bf0247e8 320328 mail optional dspam_3.6.8-5etch1_i386.deb
5eb5bcf9b8cd0fdf7e5dbdeec8b052c5 110686 libs optional libdspam7_3.6.8-5etch1_i386.deb
e2a75400b747b2bc6f06dcb5548ac6a9 126340 mail optional libdspam7-dev_3.6.8-5etch1_i386.deb
85ceb515c9581c294060f78a50959cba 103912 mail optional libdspam7-drv-pgsql_3.6.8-5etch1_i386.deb
b96896e5ffc7617774a97fe968de4643 96566 mail optional libdspam7-drv-mysql_3.6.8-5etch1_i386.deb
42ea48af401d4b1d1eaa2d0e5251c38b 71254 mail optional libdspam7-drv-db4_3.6.8-5etch1_i386.deb
655c55837cdccd7d70048f2ba74b6adc 85084 mail optional libdspam7-drv-sqlite3_3.6.8-5etch1_i386.deb
2fcf87ed0a9d0a82b984f1d7a83fd92a 109488 mail optional dspam-webfrontend_3.6.8-5etch1_all.deb
22874dcda2fff6d04a0c644338dcf848 94508 doc optional dspam-doc_3.6.8-5etch1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iQEVAwUBR7g8TWz0hbPcukPfAQLBIAf+M9xDH8s15yeRYwsaSBi7dFXije+UV3P9
KqKHhUtPTkDzuvUOpYowSZPY1HCwI+rcfcssLwuVgXJ/N6zS6hWa/srrtnA9SCgZ
29+lpUE4L15XKh7MmbfF9+Tbep4EiFBCPCyzh1fkfKiLQmdeAujFu63sHoNBSDFQ
NX5GdP3xxqCMlT5uDM5qrIyIWlJm9B5d53fAyFA/nSU+fcSUqQc+bLSmGF8CxV+q
z8Mcb2Ub/VeQaQJJP1l9LiPXTfPf7haEUAh7dLkZbL+4rstYCHRWQNRrvBZ6HDsn
OtIMK8/X5WOy66bKQpEK0IJia8hT/71BlCC0jKb82wedA+GzWMXWSQ==
=bq2l
-----END PGP SIGNATURE-----
--- End Message ---