Package: libfbembed1
Version: 1.5.1-1
Severity: serious
Tags: security patch upstream

Hi,

(The purpose of this bug report is mainly to get it fixed in stable. Upload to unstable is pending.)

This time the security-related bug in firebird2 is a DoS. The "classic" flavour of the server (contained in libfbembed1) uses a semaphore array for IPC and creates this array with world-writable permissions. This allows a local attacker to lock all semaphores in the array, effectively blocking further requests.

I post the bug in the BTS without private discussion with the team, since the vulnerability is published in upstream's bug tracker [1].

[1] http://sourceforge.net/tracker/index.php?func=detail&aid=1466193&group_id=9028&atid=593943

A fix to the vulnerability is to create semaphores with 0660 permissions. The patch to the unstable package is in separate-file-and-sem-perms.dpatch [2]. The patch to the stable package may be based on it (stable implements part of it). I can also prepare an interdiff for stable if you prefer.

[2] http://svn.debian.org/wsvn/pkg-firebird/trunk/debian/patches/separate-file-and-sem-perms.dpatch?op=file&rev=0&sc=0

A note about Version: in stable the libfbembed1 package is named libfirebird2-classic. The vulnerability is present in all 1.5 versions.

Ah, there is also one file created with 0666, but it is in /var/run/firebird2, which is accessible for firebird:firebird only and thus poses no threat.

Please tell me if I can be of some help.

Greetings,
dam

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.13+reiser4+dam.1
Locale: LANG=bg_BG.UTF-8, LC_CTYPE=bg_BG.UTF-8 (charmap=UTF-8)

Versions of packages libfbembed1 depends on:
ii  libc6        2.3.6-4    GNU C Library: Shared libraries an
ii  libgcc1      1:4.1.0-1  GCC support library
ii  libncurses5  5.5-1      Shared libraries for terminal hand
ii  libstdc++6   4.1.0-1    The GNU Standard C++ Library v3

libfbembed1 recommends no packages.

-- no debconf information
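The mechanism the report describes (a SysV semaphore array created with 0666 and then drained by an unprivileged local user, versus the 0660 fix), as an added, constructed illustration that is not Firebird's code and not the dpatch: it creates a private semaphore array with a chosen mode, reads back the permission bits the kernel actually recorded (semget() takes the mode bits verbatim, umask does not apply), then plays both roles in one process: a "hog" takes every semaphore with IPC_NOWAIT, after which the "server" finds its request would block. The array size and the initial counts are assumptions for the demo.

```c
/* sem_perms_demo.c: constructed example of the firebird2 "classic" IPC weakness
 * described in the report above. Not Firebird code; NSEMS and the initial
 * counts are arbitrary choices for the demo.
 * Build: cc -std=c99 -Wall sem_perms_demo.c -o sem_perms_demo
 */
#include <errno.h>
#include <stdio.h>
#include <sys/ipc.h>
#include <sys/sem.h>
#include <sys/types.h>

/* glibc leaves union semun for the program to define (see semctl(2)). */
union semun {
    int val;
    struct semid_ds *buf;
    unsigned short *array;
};

#define NSEMS 4 /* size of the constructed semaphore array */

/* semop() needs "alter" (write) permission on the set, so an "other"-write
 * bit lets any local uid decrement the semaphores. */
int mode_is_world_writable(unsigned int mode)
{
    return (mode & 0002) != 0;
}

/* Create a private array of NSEMS semaphores, each initialised to 1.
 * semget() records the low 9 bits of the flags as-is; umask is not applied. */
static int create_semset(unsigned int mode)
{
    int id = semget(IPC_PRIVATE, NSEMS, IPC_CREAT | (int)(mode & 0777));
    if (id < 0)
        return -1;
    for (int i = 0; i < NSEMS; i++) {
        union semun arg;
        arg.val = 1;
        if (semctl(id, i, SETVAL, arg) < 0) {
            semctl(id, 0, IPC_RMID);
            return -1;
        }
    }
    return id;
}

/* Permission bits the kernel recorded for the set, or -1 on error. */
static int semset_mode(int id)
{
    struct semid_ds ds;
    union semun arg;
    arg.buf = &ds;
    if (semctl(id, 0, IPC_STAT, arg) < 0)
        return -1;
    return (int)(ds.sem_perm.mode & 0777);
}

/* Attacker: take every semaphore without blocking and never release it.
 * (No SEM_UNDO: the locks persist until the attacker exits.) */
static int hog_all(int id)
{
    int locked = 0;
    for (unsigned short i = 0; i < NSEMS; i++) {
        struct sembuf op = { i, -1, IPC_NOWAIT };
        if (semop(id, &op, 1) == 0)
            locked++;
    }
    return locked;
}

/* Server: try to take semaphore i. 1 = acquired, 0 = would block, -1 = error. */
static int try_acquire(int id, unsigned short i)
{
    struct sembuf op = { i, -1, IPC_NOWAIT };
    if (semop(id, &op, 1) == 0)
        return 1;
    return errno == EAGAIN ? 0 : -1;
}

/* Create a set with the given mode and return the recorded bits
 * (-1 if SysV IPC is unavailable in this environment). */
int demo_recorded_mode(unsigned int mode)
{
    int id = create_semset(mode);
    if (id < 0)
        return -1;
    int seen = semset_mode(id);
    semctl(id, 0, IPC_RMID);
    return seen;
}

/* Run the DoS: the hog drains every semaphore, then the server cannot proceed.
 * Returns 1 if the server was starved, 0 if not, -1 if no set could be created. */
int demo_starvation(unsigned int mode)
{
    int id = create_semset(mode);
    if (id < 0)
        return -1;
    int locked = hog_all(id);
    int got = try_acquire(id, 0);
    semctl(id, 0, IPC_RMID);
    return (locked == NSEMS && got == 0) ? 1 : 0;
}

int main(void)
{
    unsigned int modes[] = { 0666, 0660 };
    for (size_t k = 0; k < 2; k++) {
        int rec = demo_recorded_mode(modes[k]);
        if (rec < 0) {
            printf("mode %04o: SysV IPC unavailable\n", modes[k]);
            continue;
        }
        printf("mode %04o: recorded %04o, world-writable=%d, starved=%d\n",
               modes[k], rec, mode_is_world_writable(modes[k]),
               demo_starvation(modes[k]));
    }
    return 0;
}
```

Because hog and server run under the same uid here, the mode does not stop the hog in either run; the point of the 0660 fix is that the kernel's IPC permission check refuses semop() with EACCES to any uid outside the owner and the firebird group, so only members of that group could replay the hog against the real server. A quick audit of a running host is `ipcs -s`: any semaphore set whose perms column ends in 6 or 2 is open to this from every local account.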