Your message dated Sat, 17 Dec 2011 14:05:40 +0000
with message-id <e1rbutq-0000aa...@franck.debian.org>
and subject line Bug#638002: fixed in masqmail 0.2.27-1.1+squeeze1
has caused the Debian Bug report #638002,
regarding Improper seteuid() calls in src/log.c and src/masqmail.c
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
638002: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=638002
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: masqmail
Version: 0.2.21-4
Severity: critical
Tags: security
Justification: root security hole

Reporting publicly since this has already been disclosed on the masqmail list.

In src/log.c there are two logging functions that use this logic:

uid_t saved_uid;
saved_uid = seteuid(conf.mail_uid);

....write to a log file...

seteuid(saved_uid);


The first seteuid() call here isn't returning the previous EUID, it's
returning 0 on success and -1 on failure. The net result should be that
any time masqmail writes to the log, it's resetting the EUID to root.
This would undo the effect of other code in masqmail that drops root
privileges.

The most recent upstream version of masqmail (0.3.2) contains identical
code to the version I audited (Debian stable's version 0.2.27).

Per information provided by the upstream author, src/masqmail.c contains
additional code with the same type of flaw.

-- System Information:
Debian Release: 6.0.2
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash



--- End Message ---
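
Added example, not part of the original report or of masqmail's code: the save/restore pattern described in the report above, beside a corrected version that reads the EUID with geteuid() and checks both seteuid() calls. The function names and the write_log callback are hypothetical, and the demo switches only to the caller's own EUID so it runs without privilege.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Flawed pattern from the report: seteuid() returns 0 or -1, never the
 * previous EUID, so the value kept as "saved" is 0 (root) on success. */
uid_t flawed_saved_uid(uid_t target)
{
    uid_t saved_uid = seteuid(target);  /* BUG: status code stored as a uid */
    return saved_uid;                   /* caller later does seteuid(saved_uid) */
}

/* Corrected pattern: read the EUID with geteuid() before switching, check
 * both seteuid() calls, and stop if the original EUID cannot be restored. */
int run_as_euid(uid_t target, int (*fn)(void *), void *arg)
{
    uid_t saved_uid = geteuid();
    int rc;

    if (seteuid(target) != 0)
        return -1;                      /* could not switch: do not run fn */
    rc = fn(arg);
    if (seteuid(saved_uid) != 0)
        abort();                        /* never keep running with the wrong EUID */
    return rc;
}

/* Hypothetical stand-in for "write to a log file". */
static int write_log(void *arg)
{
    fprintf(stderr, "%s\n", (const char *)arg);
    return 0;
}

int main(void)
{
    uid_t me = geteuid();               /* own EUID: always a permitted target */

    printf("flawed saved uid: %ld (actual EUID: %ld)\n",
           (long)flawed_saved_uid(me), (long)me);
    printf("run_as_euid rc: %d, EUID afterwards: %ld\n",
           run_as_euid(me, write_log, "constructed log line"), (long)geteuid());
    return 0;
}
```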
--- Begin Message ---
Source: masqmail
Source-Version: 0.2.27-1.1+squeeze1

We believe that the bug you reported is fixed in the latest version of
masqmail, which is due to be installed in the Debian FTP archive:

masqmail_0.2.27-1.1+squeeze1.diff.gz
  to main/m/masqmail/masqmail_0.2.27-1.1+squeeze1.diff.gz
masqmail_0.2.27-1.1+squeeze1.dsc
  to main/m/masqmail/masqmail_0.2.27-1.1+squeeze1.dsc
masqmail_0.2.27-1.1+squeeze1_amd64.deb
  to main/m/masqmail/masqmail_0.2.27-1.1+squeeze1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 638...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jonathan Wiltshire <j...@debian.org> (supplier of updated masqmail package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 04 Dec 2011 22:02:34 +0000
Source: masqmail
Binary: masqmail
Architecture: source amd64
Version: 0.2.27-1.1+squeeze1
Distribution: stable
Urgency: low
Maintainer: markus schnalke <mei...@marmaro.de>
Changed-By: Jonathan Wiltshire <j...@debian.org>
Description: 
 masqmail   - mail transport agent for intermittently connected hosts
Closes: 638002
Changes: 
 masqmail (0.2.27-1.1+squeeze1) stable; urgency=low
 .
   * Non-maintainer upload.
   * Fix improper seteuid() calls in src/log.c and src/masqmail.c
     (Closes: #638002)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
-----END PGP SIGNATURE-----



--- End Message ---
