Your message dated Sun, 13 May 2012 22:15:11 +0000
with message-id <e1sth4j-0002pz...@franck.debian.org>
and subject line Bug#658830: fixed in pam-shield 0.9.2-3.3
has caused the Debian Bug report #658830,
regarding libpam-shield: doesn't block any IP when allow_missing_dns=no
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
658830: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658830
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libpam-shield
Version: 0.9.2-3.2
Severity: grave
Tags: security

With allow_missing_dns and allow_missing_reverse set to "no" (default configuration in Squeeze), pam_shield doesn't take any action whatsoever, besides logging the IP. If I set both variables to "yes", the IPs are null-routed as expected. I tested by connecting via SSH from a system without DNS records.

This seems to be a bug fixed upstream in September 2010 [1]. Is this package still actively maintained in Debian? Upstream seems to be quite active, but the Debian changelog doesn't seem to suggest any code changes since December 2007.

-- System Information:
Debian Release: 6.0.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686-bigmem (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=UTF-8 (charmap=locale: Cannot set LC_CTYPE to default locale: No such file or directory locale: Cannot set LC_ALL to default locale: No such file or directory ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages libpam-shield depends on:
ii libc6 2.11.3-2 Embedded GNU C Library: Shared lib
ii libgdbm3 1.8.3-9 GNU dbm database routines (runtime
ii libpam0g 1.1.1-6.1+squeeze1 Pluggable Authentication Modules l

libpam-shield recommends no packages.

Versions of packages libpam-shield suggests:
ii iproute 20100519-3 networking and traffic control too
ii iptables 1.4.8-3 administration tools for packet fi

-- Configuration Files:
/etc/security/shield.conf changed:
debug on
block all-users
allow_missing_dns yes
allow_missing_reverse yes
allow localhost
db /var/lib/pam_shield/db
trigger_cmd /usr/sbin/shield-trigger
max_conns 3
interval 1h
retention 1w

-- debconf information:
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
        LANGUAGE = "en_US:en",
        LC_ALL = (unset),
        LC_CTYPE = "UTF-8",
        LANG = "en_US.UTF-8"
    are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory




--- End Message ---
--- Begin Message ---
Source: pam-shield
Source-Version: 0.9.2-3.3

We believe that the bug you reported is fixed in the latest version of
pam-shield, which is due to be installed in the Debian FTP archive:

libpam-shield_0.9.2-3.3_amd64.deb
  to main/p/pam-shield/libpam-shield_0.9.2-3.3_amd64.deb
pam-shield_0.9.2-3.3.diff.gz
  to main/p/pam-shield/pam-shield_0.9.2-3.3.diff.gz
pam-shield_0.9.2-3.3.dsc
  to main/p/pam-shield/pam-shield_0.9.2-3.3.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 658...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jonathan Niehof <jtnie...@gmail.com> (supplier of updated pam-shield package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 26 Feb 2012 09:55:31 -0700
Source: pam-shield
Binary: libpam-shield
Architecture: source amd64
Version: 0.9.2-3.3
Distribution: unstable
Urgency: high
Maintainer: Mateusz Kaduk <mate...@kaduk.net>
Changed-By: Jonathan Niehof <jtnie...@gmail.com>
Description: 
 libpam-shield - locks out remote attackers trying password guessing
Closes: 658830
Changes: 
 pam-shield (0.9.2-3.3) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Fix CVE-2012-2350: block IPs when allow_missing_dns is no
     (Closes: #658830).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----



--- End Message ---
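
An added example, not part of the bug report or the pam-shield package: a small audit that classifies a host from its shield.conf contents and installed libpam-shield version, using the behaviour the report describes and the fixed version named in the upload notice. The `#` comment handling, the treatment of a missing key as "no", and the numeric-only version ordering are assumptions; on a real Debian system `dpkg --compare-versions` gives the exact ordering.

```python
import re

FIXED_VERSION = "0.9.2-3.3"  # version named in the upload notice on this page

# Constructed sample: the two settings as the report describes the Squeeze default.
DEFAULT_CONF = """\
allow_missing_dns no
allow_missing_reverse no
max_conns 3
"""

# The reporter's changed settings, taken from the report's shield.conf listing.
REPORTER_CONF = """\
allow_missing_dns yes
allow_missing_reverse yes
max_conns 3
"""

def parse_shield_conf(text):
    """Parse 'key value' lines; '#' comment handling is an assumption."""
    settings = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if parts:
            settings[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return settings

def version_key(version):
    """Simplified ordering on numeric fields only (not full Debian rules)."""
    return tuple(int(n) for n in re.findall(r"\d+", version))

def audit(conf_text, installed_version):
    """Classify a host against the behaviour described in bug #658830."""
    conf = parse_shield_conf(conf_text)
    # Assumption: an absent key behaves like "no".
    dns = conf.get("allow_missing_dns", "no").lower()
    reverse = conf.get("allow_missing_reverse", "no").lower()
    if version_key(installed_version) >= version_key(FIXED_VERSION):
        return "fixed"
    if dns == "no":
        return "not-blocking"   # offending IPs are logged but never blocked
    if dns == "yes" and reverse == "yes":
        return "workaround"     # the combination the reporter saw blocking with
    return "untested"           # the report does not cover this combination

if __name__ == "__main__":
    for name, conf in (("default", DEFAULT_CONF), ("reporter", REPORTER_CONF)):
        for ver in ("0.9.2-3.2", FIXED_VERSION):
            print(f"{name:8} {ver:10} -> {audit(conf, ver)}")
```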