CVE-2007-5933: Remote denial of service

Bug #163056 reported by William Grant
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| pioneers (Debian) | Fix Released | Unknown | | |
| pioneers (Ubuntu) | Fix Released | Undecided | William Grant | |
| Dapper | Fix Released | Undecided | William Grant | |
| Edgy | Fix Released | Undecided | William Grant | |
| Feisty | Fix Released | Undecided | William Grant | |
| Gutsy | Fix Released | Undecided | William Grant | |
| Hardy | Fix Released | Undecided | William Grant | |

Bug Description

Binary package hint: pioneers

Pioneers (formerly gnocatan) before 0.11.3 allows remote attackers to cause a denial of service (crash) by triggering a delete operation while the Session object is still being used, as demonstrated by causing a "Broken pipe" error.
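
The fix pattern this report names ("Check that the session is unused before freeing it"), sketched as an added example: it is not the upstream Pioneers patch, and the `Session` fields and every function name are hypothetical. A failed write (standing in for "Broken pipe") requests deletion while a handler is still running, and the free is deferred until the last user leaves.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Hypothetical session object; names are illustrative, not Pioneers' own. */
typedef struct Session {
    int  in_use;          /* nesting depth of handlers still using the session */
    bool delete_pending;  /* delete was requested while in_use > 0 */
} Session;

static int sessions_freed;  /* counter so the behaviour can be observed */

Session *session_new(void) { return calloc(1, sizeof(Session)); }

/* Request deletion. Frees only when no handler is using the session;
 * otherwise records the request. Returns true if freed now. */
bool session_delete(Session *s) {
    if (s->in_use > 0) {
        s->delete_pending = true;
        return false;
    }
    free(s);
    sessions_freed++;
    return true;
}

void session_enter(Session *s) { s->in_use++; }

/* Leave a handler; runs a deferred delete once the last user is done.
 * Returns true if the session was freed and must not be touched again. */
bool session_leave(Session *s) {
    if (--s->in_use == 0 && s->delete_pending)
        return session_delete(s);
    return false;
}

/* Simulated write: write_ok == false stands in for a failed write
 * (e.g. EPIPE), whose error path asks for the session to be deleted. */
bool session_write(Session *s, bool write_ok) {
    if (!write_ok)
        session_delete(s);  /* deferred while a handler is running */
    return write_ok;
}

/* A handler that keeps using the session after the write.
 * Returns true if the session was freed by the time it finished. */
bool handle_message(Session *s, bool write_ok) {
    session_enter(s);
    session_write(s, write_ok);
    (void)s->delete_pending;  /* still valid: the free was deferred */
    return session_leave(s);
}
```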

William Grant (wgrant) wrote :

Fixed in 0.11.3-2 in Debian. I'll steal the patches from sarge/etch when they're available.

Changed in pioneers:
assignee: nobody → fujitsu
status: New → Confirmed
assignee: nobody → fujitsu
status: New → Confirmed
assignee: nobody → fujitsu
status: New → Confirmed
assignee: nobody → fujitsu
status: New → Confirmed
assignee: nobody → fujitsu
status: New → In Progress
Kees Cook (kees)
Changed in pioneers:
status: In Progress → Triaged
William Grant (wgrant) wrote :

0.11.3-2 is in Hardy.

Changed in pioneers:
status: Triaged → Fix Released
William Grant (wgrant) wrote :
Changed in pioneers:
status: Confirmed → In Progress
status: Confirmed → In Progress
status: Confirmed → In Progress
status: Confirmed → In Progress
Kees Cook (kees) wrote :

Thanks for preparing this! I've uploaded it to the security queue; it should be published shortly.

Changed in pioneers:
status: In Progress → Fix Committed
status: In Progress → Fix Committed
status: In Progress → Fix Committed
status: In Progress → Fix Committed
William Grant (wgrant) wrote :

pioneers (0.10.2-3ubuntu1.7.10) gutsy-security; urgency=low

  * SECURITY UPDATE: Denial of service by triggering delete operation on
    server while Session is in use. (LP: #163056)
  * debian/patches/CVE-2007-{5933,6010}.dpatch: Check that the session is
    unused before freeing it. Patch from upstream.
  * References
    CVE-2007-5933
    CVE-2007-6010

 -- William Grant <email address hidden> Tue, 27 Nov 2007 19:59:46 +1100

William Grant (wgrant) wrote :

pioneers (0.10.2-3ubuntu1.7.04) feisty-security; urgency=low

  * SECURITY UPDATE: Denial of service by triggering delete operation on
    server while Session is in use. (LP: #163056)
  * debian/patches/CVE-2007-{5933,6010}.dpatch: Check that the session is
    unused before freeing it. Patch from upstream.
  * References
    CVE-2007-5933
    CVE-2007-6010

 -- William Grant <email address hidden> Tue, 27 Nov 2007 20:21:13 +1100

Changed in pioneers:
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
William Grant (wgrant)
Changed in pioneers:
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
Changed in pioneers:
status: Unknown → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
