Your message dated Wed, 09 Nov 2005 14:18:10 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#338312: fixed in osh 1.7-15
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 9 Nov 2005 12:42:30 +0000
>From [EMAIL PROTECTED] Wed Nov 09 04:42:30 2005
Return-path: <[EMAIL PROTECTED]>
Received: from 24-182-23-95.dhcp.crcy.nv.charter.com (bokeoa.com)
[24.182.23.95]
by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
id 1EZpHa-0000aF-00; Wed, 09 Nov 2005 04:42:30 -0800
Received: by bokeoa.com (Postfix, from userid 1000)
id C0976329B0; Wed, 9 Nov 2005 04:42:08 -0800 (PST)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Charles Stevenson <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: osh: Environment Variable Input Validation Bug
X-Mailer: reportbug 3.17
Date: Wed, 09 Nov 2005 04:42:08 -0800
X-Debbugs-Cc: Debian Security Team <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-10.5 required=4.0 tests=BAYES_00,HAS_PACKAGE,
RCVD_IN_SORBS,X_DEBBUGS_CC autolearn=ham
version=2.60-bugs.debian.org_2005_01_02
Package: osh
Version: 1.7-14
Severity: critical
Tags: security
Justification: root security hole
Due to a bug in the environment variable substitution code it is
possible to inject environment variables such as LD_PRELOAD and gain a
root shell.
Fully-functional local root exploit here:
http://pulltheplug.org/users/core/files/x_osh3.sh
Kind Regards,
Charles Stevenson
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-corezion
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages osh depends on:
ii libc6 2.3.5-6 GNU C Library: Shared libraries an
ii libncurses5 5.4-9 Shared libraries for terminal hand
ii logrotate 3.7.1-2 Log rotation utility
osh recommends no packages.
-- no debconf information
---------------------------------------
Received: (at 338312-close) by bugs.debian.org; 9 Nov 2005 22:23:29 +0000
>From [EMAIL PROTECTED] Wed Nov 09 14:23:29 2005
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian))
id 1EZyGg-0005PK-00; Wed, 09 Nov 2005 14:18:10 -0800
From: Oohara Yuuma <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#338312: fixed in osh 1.7-15
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Wed, 09 Nov 2005 14:18:10 -0800
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
Source: osh
Source-Version: 1.7-15
We believe that the bug you reported is fixed in the latest version of
osh, which is due to be installed in the Debian FTP archive:
osh_1.7-15.diff.gz
to pool/main/o/osh/osh_1.7-15.diff.gz
osh_1.7-15.dsc
to pool/main/o/osh/osh_1.7-15.dsc
osh_1.7-15_i386.deb
to pool/main/o/osh/osh_1.7-15_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Oohara Yuuma <[EMAIL PROTECTED]> (supplier of updated osh package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 9 Nov 2005 23:05:52 +0900
Source: osh
Binary: osh
Architecture: source i386
Version: 1.7-15
Distribution: unstable
Urgency: high
Maintainer: Oohara Yuuma <[EMAIL PROTECTED]>
Changed-By: Oohara Yuuma <[EMAIL PROTECTED]>
Description:
osh - Operator's Shell
Closes: 338312
Changes:
osh (1.7-15) unstable; urgency=high
.
* urgency set to high because this version fixes a bug that causes
unauthorized privilege escalation (thanks to Charles Stevenson
<[EMAIL PROTECTED]> for the bug report)
* main.c: don't overwrite the return value of getenv() (closes: #338312)
Files:
ca036c5484091fa935e20df7b3b64b93 553 shells extra osh_1.7-15.dsc
2ceeb3cfac4dad6c0288365add91cc1e 12713 shells extra osh_1.7-15.diff.gz
05e6a964564264b5678db8c5c6a832ca 27782 shells extra osh_1.7-15_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDcgcsQNb0LvRkppURAusCAJ956mjDvnN4kIwBGzpYjDzSI5c+0ACgu7hg
StPD2xuDEJEnaGSZVWS0Uds=
=e15U
-----END PGP SIGNATURE-----
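The report above describes the defect only as an "environment variable substitution" bug, and the changelog entry narrows it to "don't overwrite the return value of getenv()". The following C program is an added illustration of that bug class and is not osh's main.c: it uses a constructed, packed block of "NAME=value" strings standing in for the process environment (which is how the kernel lays out the real one at exec()), a lookup routine with getenv()-like semantics that hands back a pointer into that storage, and two expansion routines. The unsafe one writes the new value through the returned pointer and silently destroys the neighbouring entry; the safe one copies the value out into caller-owned storage with a size check and never writes into environment memory. All names and values here are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the process environment: "NAME=value" strings
 * packed back to back, each NUL-terminated, with an empty string marking
 * the end. getenv() returns a pointer straight into storage like this. */
#define ENV_SIZE 64
static char env_block[ENV_SIZE];

/* Reset the block to two constructed entries (not real system values). */
static void env_reset(void) {
    const char *entries[] = { "USER=op", "PATH=/usr/bin" };
    char *p = env_block;
    memset(env_block, 0, sizeof env_block);
    for (size_t i = 0; i < sizeof entries / sizeof entries[0]; i++) {
        size_t len = strlen(entries[i]) + 1;
        memcpy(p, entries[i], len);
        p += len;
    }
}

/* Walk the block the way getenv() walks environ: return a pointer to the
 * value part of the matching entry, or NULL. The pointer aliases the
 * environment itself, which is exactly what makes writing through it unsafe. */
static char *env_lookup(const char *name) {
    size_t nlen = strlen(name);
    char *p = env_block;
    while (*p != '\0') {
        if (strncmp(p, name, nlen) == 0 && p[nlen] == '=')
            return p + nlen + 1;
        p += strlen(p) + 1;
    }
    return NULL;
}

/* UNSAFE: the pattern the changelog warns against. The replacement is
 * written in place through the lookup's pointer. Any value longer than the
 * old one runs into the next "NAME=value" entry, so a write meant to change
 * one variable can erase or reshape others. */
static int expand_unsafe(const char *name, const char *value) {
    char *slot = env_lookup(name);
    if (slot == NULL) return -1;
    strcpy(slot, value);            /* clobbers whatever follows the old value */
    return 0;
}

/* SAFE: treat the environment as read-only. Copy the value into a buffer the
 * caller owns, refuse if it would not fit, and leave the environment alone.
 * An actual change to a variable belongs in setenv(3), which reallocates. */
static int expand_safe(const char *name, char *out, size_t outlen) {
    const char *val = env_lookup(name);
    if (val == NULL) return -1;              /* no such variable */
    if (strlen(val) >= outlen) return -2;    /* would truncate: refuse */
    memcpy(out, val, strlen(val) + 1);
    return 0;
}

int main(void) {
    char buf[16];
    env_reset();
    expand_unsafe("USER", "operator");
    printf("in-place write: USER=%s PATH=%s\n", env_lookup("USER"),
           env_lookup("PATH") ? env_lookup("PATH") : "(gone)");
    env_reset();
    expand_safe("USER", buf, sizeof buf);
    printf("copy-out: buf=%s PATH=%s\n", buf, env_lookup("PATH"));
    return 0;
}
```

Run as written, the first line shows PATH vanishing after a single in-place write of a value six bytes longer than the original, while the second shows the copy-out path returning the same value with the environment intact. The defensive rule it demonstrates is the one the maintainer applied: never write through the pointer getenv() returns; copy out, bounds-check, and use setenv()/unsetenv() for any real change.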