Your message dated Wed, 28 Dec 2005 08:02:06 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#344424: fixed in rssh 2.3.0-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 22 Dec 2005 16:47:57 +0000
>From [EMAIL PROTECTED] Thu Dec 22 08:47:57 2005
Return-path: <[EMAIL PROTECTED]>
Received: from mx01.hinterhof.net ([83.137.99.114])
by spohr.debian.org with esmtp (Exim 4.50)
id 1EpTbg-0001Eh-Pe
for [EMAIL PROTECTED]; Thu, 22 Dec 2005 08:47:56 -0800
Received: from localhost (localhost [127.0.0.1])
by mx01.hinterhof.net (Postfix) with ESMTP id 0DC5EFFBF
for <[EMAIL PROTECTED]>; Thu, 22 Dec 2005 17:52:15 +0100 (CET)
Received: from dp.roam.decl.org (p54A7C266.dip0.t-ipconnect.de [84.167.194.102])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(Client CN "dp.roam.decl.org", Issuer "ca.decl.org" (verified OK))
by mx01.hinterhof.net (Postfix) with ESMTP id 14859FFB4
for <[EMAIL PROTECTED]>; Thu, 22 Dec 2005 17:52:13 +0100 (CET)
Received: by dp.roam.decl.org (Postfix, from userid 1000)
id B63B7DF91A; Thu, 22 Dec 2005 17:48:10 +0100 (CET)
Date: Thu, 22 Dec 2005 17:48:10 +0100
From: Max Vozeler <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: rssh: local privilege escalation in versions < 2.3.0 (CVE-2005-3345)
Message-ID: <[EMAIL PROTECTED]>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
Package: rssh
Version: 2.2.3-3
Severity: critical
Tags: security
Hey Jesus,
rssh 2.3.0 has been released by Derek to fix the arbitrary chroot()
problem and privilege escalation we've mailed about (CVE-2005-3345)
http://www.pizzashack.org/rssh/index.shtml:
> Dec 18, 2005
>
> rssh v2.3.0 released today!
>
> Important Security Notice:
>
> Max Vozeler has reported a problem whereby rssh can allow users who
> have shell access to systems where rssh is installed (and
> rssh_chroot_helper is installed SUID) to gain root access to the
> system, due to the ability to chroot to arbitrary locations. There are
> a lot of potentially mitigating factors, but to be safe you should
> upgrade immediately. This bug affects all versions of rssh from v2.0.0
> to v2.2.3, so please upgrade now!
>
> The 2.3.0 release of rssh fixes this problem, by forcing the chroot
> helper to re-parse the config file to decide where to chroot(2) to.
> Users with shell access to the system can not subvert the chroot
> location, and may not be able to chroot at all depending on the
> configuration of rssh, which solves the problem.
Having rssh installed and rssh_chroot_helper setuid root is sufficient
for this bug to be exploitable, hence severity critical.
cheers,
Max
---------------------------------------
Received: (at 344424-close) by bugs.debian.org; 28 Dec 2005 16:11:55 +0000
>From [EMAIL PROTECTED] Wed Dec 28 08:11:55 2005
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 4.50)
id 1Erdkc-00088u-Vd; Wed, 28 Dec 2005 08:02:06 -0800
From: Jesus Climent <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.65 $
Subject: Bug#344424: fixed in rssh 2.3.0-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Wed, 28 Dec 2005 08:02:06 -0800
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-CrossAssassin-Score: 2
Source: rssh
Source-Version: 2.3.0-1
We believe that the bug you reported is fixed in the latest version of
rssh, which is due to be installed in the Debian FTP archive:
rssh_2.3.0-1.diff.gz
to pool/main/r/rssh/rssh_2.3.0-1.diff.gz
rssh_2.3.0-1.dsc
to pool/main/r/rssh/rssh_2.3.0-1.dsc
rssh_2.3.0-1_powerpc.deb
to pool/main/r/rssh/rssh_2.3.0-1_powerpc.deb
rssh_2.3.0.orig.tar.gz
to pool/main/r/rssh/rssh_2.3.0.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jesus Climent <[EMAIL PROTECTED]> (supplier of updated rssh package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 19 Dec 2005 20:00:02 +0200
Source: rssh
Binary: rssh
Architecture: source powerpc
Version: 2.3.0-1
Distribution: unstable
Urgency: high
Maintainer: Jesus Climent <[EMAIL PROTECTED]>
Changed-By: Jesus Climent <[EMAIL PROTECTED]>
Description:
rssh - Restricted shell allowing only scp, sftp, cvs, rsync and/or rdist
Closes: 344395 344424
Changes:
rssh (2.3.0-1) unstable; urgency=high
.
* New upstream release.
* This package is a security update:
- closes CVE-2005-3345.
- Closes: #344424, #344395
Files:
43616b7c0360063d50654b074b0e69ae 592 net optional rssh_2.3.0-1.dsc
4badd1c95bf9b9507e6642598e809dd5 113701 net optional rssh_2.3.0.orig.tar.gz
7090f32e81cdf815e9311772dd1ba1c1 13888 net optional rssh_2.3.0-1.diff.gz
b5d9a545abd38350759d017924e1b2a5 48004 net optional rssh_2.3.0-1_powerpc.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDqzQrZvwdf4aUbWkRAp6wAKDbOBmJcIBKnkkc7N0y6ipQkNOcZACg7AFi
DA5h7ggZi+qz371+OSsRWRs=
=ETnF
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
