Your message dated Sun, 13 Apr 2008 10:32:03 +0000 with message-id <[EMAIL PROTECTED]> and subject line Bug#475227: fixed in audit 1.5.3-2.1 has caused the Debian Bug report #475227, regarding auditd: CVE-2008-1628 buffer overflow in audit_log_user_command function might lead to code execution to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 475227: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475227 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems
--- Begin Message ---Package: auditd Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for auditd. CVE-2008-1628[0]: | Stack-based buffer overflow in the audit_log_user_command function in | lib/audit_logging.c in Linux Audit before 1.7 might allow remote | attackers to execute arbitrary code via a long command argument. | NOTE: some of these details are obtained from third party information. In the audit_log_user_command function the command line passed to the kernel for example if the command is used via sudo is copied via strcpy into a buffer without any bounds checking and leads to stack corruption. Patch: --- audit_logging.c 2007-04-09 23:50:01.000000000 +0200 +++ audit_logging.c.new 2008-04-09 19:35:21.000000000 +0200 @@ -607,7 +607,11 @@ } p = cmd; - strcpy(commname, cmd); + if (len >= PATH_MAX) { + cmd[PATH_MAX] = 0; + len = PATH_MAX-1; + } + while (*p) { if (*p == '"' || *p < 0x21 || (unsigned)*p > 0x7f) { _audit_c2x(commname, cmd, len); If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1628 http://security-tracker.debian.net/tracker/CVE-2008-1628 -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpiWXxOy9flK.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---Source: audit Source-Version: 1.5.3-2.1 We believe that the bug you reported is fixed in the latest version of audit, which is due to be installed in the Debian FTP archive: audit_1.5.3-2.1.diff.gz to pool/main/a/audit/audit_1.5.3-2.1.diff.gz audit_1.5.3-2.1.dsc to pool/main/a/audit/audit_1.5.3-2.1.dsc auditd_1.5.3-2.1_amd64.deb to pool/main/a/audit/auditd_1.5.3-2.1_amd64.deb libaudit-dev_1.5.3-2.1_amd64.deb to pool/main/a/audit/libaudit-dev_1.5.3-2.1_amd64.deb libaudit0_1.5.3-2.1_amd64.deb to pool/main/a/audit/libaudit0_1.5.3-2.1_amd64.deb python-audit_1.5.3-2.1_amd64.deb to pool/main/a/audit/python-audit_1.5.3-2.1_amd64.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Nico Golde <[EMAIL PROTECTED]> (supplier of updated audit package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Thu, 10 Apr 2008 15:06:25 +0200 Source: audit Binary: auditd libaudit0 libaudit-dev python-audit Architecture: source amd64 Version: 1.5.3-2.1 Distribution: unstable Urgency: high Maintainer: Philipp Matthias Hahn <[EMAIL PROTECTED]> Changed-By: Nico Golde <[EMAIL PROTECTED]> Description: auditd - User space tools for security auditing libaudit-dev - Header files and static library for security auditing libaudit0 - Dynamic library for security auditing python-audit - Python bindings for security auditing Closes: 475227 Changes: audit (1.5.3-2.1) unstable; urgency=high . * Non-maintainer upload by the Security Team. * Added CVE-2008-1628.patch to fix a stack-based buffer overflow in the audit_log_user_command function which can be triggered via a command argument that is passed to that function and might lead to execution of arbitrary code (Closes: #475227). Checksums-Sha1: 9d9eea9b3845d3d8d87c3a89b5c0ae710cfa4178 1170 audit_1.5.3-2.1.dsc 64c74fd2476f58b2550b905a366f125a59901ef0 6402 audit_1.5.3-2.1.diff.gz 27c2681aeeb71e43a503977e3f2fa9b4160906c6 230634 auditd_1.5.3-2.1_amd64.deb 63ff7dcc815eb0ac90070b69fc17d25511e4d955 52540 libaudit0_1.5.3-2.1_amd64.deb ed0510a690ae9124952662df836a08673443c98e 93724 libaudit-dev_1.5.3-2.1_amd64.deb 3b2300a5fc84b6d345bb1b4afae241402564bcf3 58268 python-audit_1.5.3-2.1_amd64.deb Checksums-Sha256: 5de2bf87069ceb4a347222e4605696e0621f619e0e84375dc407511ba3df0a06 1170 audit_1.5.3-2.1.dsc 5ca8234d7f5652dd00855fbb3b48af81505c741729597c1fc358e01db7d77b73 6402 audit_1.5.3-2.1.diff.gz 9443c394379baf1b3e2509206867a1b1e799297d1f5ea4f27cc7dd7fe471cad8 230634 auditd_1.5.3-2.1_amd64.deb dd85ac25a5054a5082df8732e1492fc08991eb125fc1e082377e64d3e542f1ef 52540 libaudit0_1.5.3-2.1_amd64.deb 24daabc2965aa259817187dd2f51c03739eca7f8aecca071434a35887e717dd7 93724 libaudit-dev_1.5.3-2.1_amd64.deb 1944fa4f5093c12cef6cf42b0747b941f6ae21aba5436462659d5be277c27813 58268 python-audit_1.5.3-2.1_amd64.deb Files: c01f0caf381e69b502e76c7667926f58 1170 libs extra audit_1.5.3-2.1.dsc f70a452b51a0e9ce887ae1b656923657 6402 libs extra audit_1.5.3-2.1.diff.gz 4fe82f251a8a3b0a78d219edd8442b4f 230634 admin extra auditd_1.5.3-2.1_amd64.deb 3b4dec6fdf0f2029c84b888a1beea8fe 52540 libs extra libaudit0_1.5.3-2.1_amd64.deb a5ce3238338a8e3544fc3477b014506a 93724 libdevel extra libaudit-dev_1.5.3-2.1_amd64.deb 266487ba269306553f11fe33f02b8c05 58268 python extra python-audit_1.5.3-2.1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFIAd4YHYflSXNkfP8RAqTzAJ9aEO7p0WTSF0kVtzAtJQJkSp9q5QCfeH2n v+GGeQ20TIdmRjN3tcEtTb4= =3UN2 -----END PGP SIGNATURE-----
--- End Message ---
