Your message dated Sat, 25 Jul 2009 20:16:13 +0100
with message-id <1248549373.640885.24176.nullmai...@kmos.homeip.net>
and subject line verlihub has been removed from Debian, closing #506530
has caused the Debian Bug report #506530,
regarding Remote command execution and the possibility of attack with the help of symlinks
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
506530: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506530
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: verlihub
Severity: grave
Tags: security

Hi,

An exploit[0] has been published for verlihub:

> Verlihub does not sanitize user input passed to the shell via its "trigger"
> mechanism. Furthermore, the Verlihub daemon can optionally be configured to
> run as root. This allows for the arbitrary execution of commands by users
> connected to the hub and, in the case of the daemon running as root,
> complete commandeering of the machine.


Also:

src/ctrigger.cpp line 108:
filename.append("/tmp/trigger.tmp"); 

A malicious user could prepare a /tmp/trigger.tmp file to cause serious
data loss or compromise a system.

Author provides a fix.

If you fix the vulnerability please also make sure to include the CVE id
(if available) in the changelog entry.


[0] http://milw0rm.com/exploits/7183

Giuseppe.


--- End Message ---
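The fixed "/tmp/trigger.tmp" path quoted from src/ctrigger.cpp above is the predictable-temp-file pattern; the following is an added example (not verlihub's code, written for this thread) that contrasts that naive open() with two fixes: O_EXCL|O_NOFOLLOW on the same fixed name, which refuses a planted file or symlink, and mkstemp(), which avoids the predictable name altogether. The function names and the scratch directory are assumptions of the example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/* Naive pattern behind a fixed "/tmp/trigger.tmp": O_CREAT|O_TRUNC on a
 * predictable name in a world-writable directory. If a local user already
 * planted a symlink there, open() follows it and the write hits its target. */
int open_trigger_tmp_fixed(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened fixed path: O_EXCL|O_NOFOLLOW makes open() fail (EEXIST/ELOOP)
 * whenever any entry, regular file or symlink, already occupies the name,
 * so a planted entry is detected instead of silently followed. */
int open_trigger_tmp_excl(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Preferred: no predictable name at all. mkstemp() chooses a random suffix
 * and creates the file with O_EXCL and mode 0600. 'dir' is the directory to
 * use; the chosen path is written to 'out'. Returns the fd or -1. */
int open_trigger_tmp_private(const char *dir, char *out, size_t outlen) {
    int n = snprintf(out, outlen, "%s/trigger.XXXXXX", dir);
    if (n < 0 || (size_t)n >= outlen) {
        errno = ENAMETOOLONG;
        return -1;
    }
    return mkstemp(out);
}

/* Stand-alone demo: a private scratch directory (constructed) stands in for /tmp. */
int main(void) {
    char dir[] = "/tmp/trigger-demo.XXXXXX", path[300], priv[300];
    if (!mkdtemp(dir)) { perror("mkdtemp"); return 1; }
    snprintf(path, sizeof path, "%s/trigger.tmp", dir);
    int fd = open_trigger_tmp_excl(path);   /* first exclusive create succeeds */
    printf("first exclusive create: %s\n", fd >= 0 ? "ok" : strerror(errno));
    if (fd >= 0) close(fd);
    /* second one must fail: the name is now taken */
    printf("second create: %s\n", open_trigger_tmp_excl(path) < 0 ? strerror(errno) : "ok?!");
    fd = open_trigger_tmp_private(dir, priv, sizeof priv);
    printf("private temp file: %s\n", fd >= 0 ? priv : strerror(errno));
    if (fd >= 0) { close(fd); unlink(priv); }
    unlink(path);
    return rmdir(dir) == 0 ? 0 : 1;
}
```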
--- Begin Message ---
Version: 0.9.8d~rc2+nojunk-1.1+rm

The verlihub package has been removed from Debian so we are closing
the bugs that were still opened against it.

For more information about this package's removal, read
http://bugs.debian.org/529817 . That bug might give the reasons why
this package was removed, and suggestions of possible replacements.

Don't hesitate to reply to this mail if you have any questions.

Thank you for your contribution to Debian.

Kind regards,
--
Marco Rodrigues


--- End Message ---