Your message dated Mon, 26 Jan 2009 13:52:48 +0000
with message-id <e1lrrtq-0006f4...@ries.debian.org>
and subject line Bug#505271: fixed in shadow 1:4.0.18.1-7+etch1
has caused the Debian Bug report #505271,
regarding symlink attack in login leading to arbitrary file ownership
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
505271: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505271
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: login
Version: 1:4.0.18.1-7
Severity: normal

(I wanted to send this to  332...@bugs.debian.org  but that was not
accepted, surely because that is closed/archived.)

I found in my logs (I think first occurrence of such mis-behaviour):

Nov  8 05:50:09 rome in.telnetd[21060]: connect from p...@bari.maths.usyd.edu.au (129.78.69.145)
Nov  8 05:50:12 rome login[21062]: (pam_unix) session opened for user root by (uid=0)
Nov  8 05:50:12 rome login[21062]: can't stat(`/dev/smb/39'): errno 2
Nov  8 05:50:12 rome login[21062]: unable to determine TTY name, got /dev/smb/39

Surely that Samba device is wrong for a telnet session...

Hope this helps in tracking down the cause of this bug.

Cheers,

Paul Szabo   p...@maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia


-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.24-pk03.02-svr
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages login depends on:
ii  libc6                  2.3.6.ds1-13etch7 GNU C Library: Shared libraries
ii  libpam-modules         0.79-5            Pluggable Authentication Modules f
ii  libpam-runtime         0.79-5            Runtime support for the PAM librar
ii  libpam0g               0.79-5            Pluggable Authentication Modules l

login recommends no packages.

-- no debconf information



--- End Message ---
--- Begin Message ---
Source: shadow
Source-Version: 1:4.0.18.1-7+etch1

We believe that the bug you reported is fixed in the latest version of
shadow, which is due to be installed in the Debian FTP archive:

login_4.0.18.1-7+etch1_i386.deb
  to pool/main/s/shadow/login_4.0.18.1-7+etch1_i386.deb
passwd_4.0.18.1-7+etch1_i386.deb
  to pool/main/s/shadow/passwd_4.0.18.1-7+etch1_i386.deb
shadow_4.0.18.1-7+etch1.diff.gz
  to pool/main/s/shadow/shadow_4.0.18.1-7+etch1.diff.gz
shadow_4.0.18.1-7+etch1.dsc
  to pool/main/s/shadow/shadow_4.0.18.1-7+etch1.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 505...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nicolas FRANCOIS (Nekral) <nicolas.franc...@centraliens.net> (supplier of updated shadow package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 22 Nov 2008 16:04:04 +0000
Source: shadow
Binary: login passwd
Architecture: source i386
Version: 1:4.0.18.1-7+etch1
Distribution: stable-security
Urgency: high
Maintainer: Shadow package maintainers <pkg-shadow-de...@lists.alioth.debian.org>
Changed-By: Nicolas FRANCOIS (Nekral) <nicolas.franc...@centraliens.net>
Description: 
 login      - system login tools
 passwd     - change and administer password and group data
Closes: 505271
Changes: 
 shadow (1:4.0.18.1-7+etch1) stable-security; urgency=high
 .
   * The "Curé nantais" release
   * debian/patches/303_login_symlink_attack: Fix a race condition that could
     lead to gaining ownership or changing mode of arbitrary files.
     Closes: #505271
     [CVE-2008-5394]
Files: 
 ec01ac54e482ea552fdae5753d6c1745 1406 admin required shadow_4.0.18.1-7+etch1.dsc
 3f54eaa3a35e7c559f4def92e9957581 2354234 admin required shadow_4.0.18.1.orig.tar.gz
 b78d9d738765da65a6b55dea102569c3 297817 admin required shadow_4.0.18.1-7+etch1.diff.gz
 82c630b2f4e18217170a73a2dab27cba 792460 admin required passwd_4.0.18.1-7+etch1_i386.deb
 439cd50477db064cdf11d9b48c0e9af0 796578 admin required login_4.0.18.1-7+etch1_i386.deb




--- End Message ---
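
The changelog entry above names the class of bug (a race that lets a symlink redirect an ownership or mode change) without showing the patch. The following is an added illustration of one general way to avoid that race on Linux; it is not the contents of debian/patches/303_login_symlink_attack and not code from shadow. The helper names `open_tty_nofollow`, `set_tty_owner` and `check_rejections` are hypothetical, and the temporary paths are constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open `path` without following a symlink in its
 * last component, then confirm it is a character device. fd or -errno. */
int open_tty_nofollow(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDWR | O_NOCTTY | O_NONBLOCK | O_NOFOLLOW);
    if (fd < 0)
        return -errno;            /* a symlink fails here with ELOOP */
    if (fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode)) {
        close(fd);
        return -ENOTTY;           /* regular file, directory, FIFO, ... */
    }
    return fd;
}

/* Hypothetical helper: change owner and mode through the descriptor, so
 * the object that was checked is the object that is changed. 0 or -errno. */
int set_tty_owner(int fd, uid_t uid, gid_t gid, mode_t mode)
{
    if (fchown(fd, uid, gid) != 0 || fchmod(fd, mode) != 0)
        return -errno;
    return 0;
}

/* Constructed cases: a regular file and a symlink to it are both refused. */
int check_rejections(void)
{
    char file[] = "/tmp/ttydemoXXXXXX", lnk[64];
    int fd = mkstemp(file);
    if (fd < 0)
        return -1;
    close(fd);
    snprintf(lnk, sizeof lnk, "%s.lnk", file);
    if (symlink(file, lnk) != 0) { unlink(file); return -1; }
    int r_file = open_tty_nofollow(file);
    int r_link = open_tty_nofollow(lnk);
    unlink(lnk);
    unlink(file);
    return (r_file == -ENOTTY && r_link == -ELOOP) ? 0 : 1;
}

int main(void) { return check_rejections(); }
```

`O_NOFOLLOW` only guards the final path component, so the directory holding the device node must itself be writable by root only.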
