libsasl2: re-entrance when used with libnss-ldap
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
cyrus-sasl2 (Debian) | Fix Released | Unknown | | |
cyrus-sasl2 (Ubuntu) | Fix Released | Medium | Martin Pitt | |
Debian Bug Importer (debzilla) wrote : | #1 |
|
#2 |
Package: libsasl2
Version: 2.1.15-4
Severity: critical
Justification: breaks unrelated software
Bug #145766 describes a problem with cyrus-imap using libnss-ldap. It was closed, because it is a
problem in libsasl2, not cyrus-imap. The README.debian explains this and recommends to compile
libldap2 --without-cyrus-sasl. But this makes a lot of functionality of the package openldap2
unusable.
I cannot find a bug for libsasl2 about this re-entrance bug. Perhaps bug #220837? I assume the
problem is still there. There was a patch for libsasl7 that has been applied shortly
before Woody has been released to fix this problem in libsasl7 1.5.28-1 (see bug #139568).
For Sarge I think this problem has to be solved. Could you apply this patch from libsasl7 to
libsasl2?
Daniel
-- System Information
Debian Release: 3.0-bunk-1
Architecture: i386
Kernel: Linux eltern 2.4.22-2-k7 #1 Sun Apr 25 00:12:04 CEST 2004 i686
Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro
Versions of packages libsasl2 depends on:
ii libc6 2.2.5-11.5 GNU C Library: Shared libraries an
ii libdb3 3.2.9-16 Berkeley v3 Database Libraries [ru
Debian Bug Importer (debzilla) wrote : | #4 |
Message-ID: <email address hidden>
Date: Wed, 29 Sep 2004 20:34:50 -0700
From: Steve Langasek <email address hidden>
To: <email address hidden>
Subject: "unrelated"
#From WordNet (r) 2.0 [wn]:
#
# unrelated
# adj 1: not connected or associated [ant: {related}]
# 2: not connected by kinship [ant: {related}]
severity 274087 grave
thanks
Martin Pitt (pitti) wrote : | #5 |
This bug only occurs when using LDAP authentication with libnss-ldap. Since this
package is not in Warty, it is not really release critical for Warty.
Therefore I downgrade this to normal. Any opposition to this?
Debian Bug Importer (debzilla) wrote : | #7 |
Message-Id: <email address hidden>
Date: Fri, 08 Oct 2004 10:47:03 -0400
From: Henrique de Moraes Holschuh <email address hidden>
To: <email address hidden>
Cc: Henrique de Moraes Holschuh <email address hidden>, Dima Barsky <email address hidden>
Subject: Fixed in NMU of cyrus-sasl2 2.1.19-1.2
tag 274087 + fixed
tag 275431 + fixed
quit
This message was generated automatically in response to a
non-maintainer upload. The .changes file follows.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 8 Oct 2004 11:15:39 -0300
Source: cyrus-sasl2
Binary: libsasl2 libsasl2-
Architecture: source i386
Version: 2.1.19-1.2
Distribution: unstable
Urgency: high
Maintainer: Dima Barsky <email address hidden>
Changed-By: Henrique de Moraes Holschuh <email address hidden>
Description:
libsasl2 - Authentication abstraction library
libsasl2-dev - Development files for authentication abstraction library
libsasl2-modules - Pluggable Authentication Modules for SASL
libsasl2-
libsasl2-
libsasl2-
sasl2-bin - Programs for manipulating the SASL users database
Closes: 274087 275431
Changes:
cyrus-sasl2 (2.1.19-1.2) unstable; urgency=high
.
* NMU, since I am not sure Dima is back yet
* SECURITY FIX: SASL_PATH environment variable must not be honoured on
setuid environments, otherwise we have a local privilege escalation
exploit (CVE: CAN-2004-0884), related advisories: RHSA-2004:546-02;
GLSA 200410-05
* upstream CVS: lib/common.c: don't honor SASL_PATH in setuid
environment. from Gentoo (CVE CAN-2004-0884); (closes: #275431)
* upstream CVS: plugins/
* upstream CVS: plugins/
plugins/
warnings
* Forward port sasl_set_alloc locking patch from SASL 1.5, to avoid
problems with the braindead idea of globals SASL has, and with libraries
that think they can get around mucking with them (hello openldap!)
(closes: #274087)
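The SASL_PATH item in the changelog above, as an added example (not the upstream lib/common.c change or any project's code): a plugin-path lookup that trusts the environment unconditionally, next to one that ignores it when real and effective IDs differ. The function names, the default directory and the sample path are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed compiled-in default; the real directory depends on the build. */
#define DEFAULT_PLUGIN_DIR "/usr/lib/sasl2"

/* Before: the environment always wins, so whoever starts a setuid binary
   chooses the directory its plugins are loaded from. */
const char *plugin_path_unchecked(const char *env_value) {
    return (env_value && *env_value) ? env_value : DEFAULT_PLUGIN_DIR;
}

/* After: the variable is honoured only when real and effective IDs match,
   i.e. the process runs with no more privilege than the user who set it. */
const char *plugin_path_checked(const char *env_value,
                                uid_t ruid, uid_t euid,
                                gid_t rgid, gid_t egid) {
    int elevated = (ruid != euid) || (rgid != egid);
    if (elevated || !env_value || !*env_value)
        return DEFAULT_PLUGIN_DIR;
    return env_value;
}

/* Wrapper using the live process credentials and environment. */
const char *plugin_path(void) {
    return plugin_path_checked(getenv("SASL_PATH"),
                               getuid(), geteuid(), getgid(), getegid());
}

int main(void) {
    const char *env = "/home/user/plugins";   /* constructed sample value */
    printf("unchecked, setuid-root:  %s\n", plugin_path_unchecked(env));
    printf("checked, setuid-root:    %s\n",
           plugin_path_checked(env, 1000, 0, 1000, 1000));
    printf("checked, unprivileged:   %s\n",
           plugin_path_checked(env, 1000, 1000, 1000, 1000));
    printf("this process:            %s\n", plugin_path());
    return 0;
}
```

On glibc, secure_getenv() applies an equivalent check and returns NULL when the process runs in secure-execution mode.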
Martin Pitt (pitti) wrote : | #8 |
Matt, since the Debian version is fixed (and it also contains the fix for #2158,
which Fabio already fixed in Warty), can we sync the package? The changelog does
not look very scary. Alternatively, shall I backport the fix for just this bug
from Debian?
Matt Zimmerman (mdz) wrote : | #9 |
Let's take the NMU from Debian
Martin Pitt (pitti) wrote : | #10 |
This has been fixed by syncing cyrus-sasl2_
|
#11 |
Author: hartmans
Date: 2005-12-16 21:10:04 -0500 (Fri, 16 Dec 2005)
New Revision: 2292
Author: hartmans
Date: 2005-12-16 21:10:49 -0500 (Fri, 16 Dec 2005)
New Revision: 2296
|
#13 |
--
Roberto C. Sanchez
http://
http://
|
#14 |
# Hi,
#
# These bugs were fixed in an NMU, but have not been acknowledged by the
# maintainers. With version tracking in the Debian BTS, it is important
# to know which version of a package fixes each bug so that they can be
# tracked for release status, so I'm closing these bugs with the
# relevant version information now
Changed in cyrus-sasl2:
status: Fix Committed → Fix Released
|
#15 |
Source: cyrus-sasl-2.1
Source-Version: 2.1.22-0~pre01
We believe that the bug you reported is fixed in the latest version of
cyrus-sasl-2.1, which is due to be installed in the Debian FTP archive:
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Fabian Fagerholm <email address hidden> (supplier of updated cyrus-sasl-2.1 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 19 Oct 2006 23:26:02 +0300
Source: cyrus-sasl-2.1
Binary: libsasl2-2 cyrus-sasl-2.1-bin libsasl2 libsasl2-2-dev sasl2-bin libsasl2-dev libsasl2-
Architecture: source i386 all
Version: 2.1.22-0~pre01
Distribution: ex...
|
#16 |
The bug still exists and it appears in real-world situations:
- using libnss-ldap
- configuring sendmail to do smtp auth as client
First, libnss-ldap will call sasl_client_init() providing a global
callback function list; it will also call more sasl functions.
Much later sendmail wants to authenticate and calls sasl_client_init()
again with a different global callback list. This new callback list is
of course important... The code in sasl_client_init() looks like this in
2.1.22.dfsg1 (and also in 2.1.19):
if(_
/* We're already active, just increase our refcount */
/* xxx do something with the callback structure? */
return SASL_OK;
}
So the problem is known.
Anyway, trying to use sendmail with smtp auth as client on a machine
with libnss_ldap will not work. Worse, the reason will be completely in
the dark since auth.log says
Nov 16 00:24:19 localhost sm-mta[9890]: No worthy mechs found
and mail.log says
Nov 16 00:24:19 localhost sm-mta[9890]: kAEFnQqh004922: AUTH=client,
available mechanisms do not fulfill requirements
which is both *very* misleading.
Moritz Both
|
#17 |
An additional hint:
If you try to reproduce this, deinstall nscd. nscd will cache user
database info so libnss_ldap is not called, thus, everything suddenly
works, most of the time (but not always).
Moritz
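The failure described in the two comments above, reduced to a toy model (an added example, not code from Cyrus SASL, libnss-ldap or sendmail): a library with a process-global init keeps the first caller's callbacks, so whether the mail client can authenticate depends on who initialised first, which is also why a cache in front of the name-service lookup changes the outcome. All toy_* names and the "smtp-user" value are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Toy model of a library whose init state is process-global.
   All toy_* names are hypothetical; this is not the Cyrus SASL API. */
typedef const char *(*toy_getuser_fn)(void);
struct toy_callbacks { toy_getuser_fn getuser; };

static int toy_active;                          /* init refcount */
static const struct toy_callbacks *toy_global;  /* first caller's callbacks */

/* Same shape as the snippet quoted above: a later caller only bumps the
   refcount, and the callback list it passed is silently dropped. */
int toy_client_init(const struct toy_callbacks *cbs) {
    if (toy_active) { toy_active++; return 0; }
    toy_global = cbs;
    toy_active = 1;
    return 0;
}

void toy_client_done(void) {
    if (toy_active && --toy_active == 0) toy_global = NULL;
}

/* Needs a user name from the installed callbacks; -1 models the
   misleading "no worthy mechs" outcome. */
int toy_client_start(const char **user) {
    if (!toy_global || !toy_global->getuser) return -1;
    *user = toy_global->getuser();
    return 0;
}

static const char *mail_getuser(void) { return "smtp-user"; }   /* constructed */
static const struct toy_callbacks nss_cbs  = { NULL };          /* name-service caller */
static const struct toy_callbacks mail_cbs = { mail_getuser };  /* mail client caller */

/* Runs both initialisations in the given order, then authenticates as the
   mail client. Returns 0 only if the mail client's own callback was used. */
int mail_auth_after(const struct toy_callbacks *first,
                    const struct toy_callbacks *second) {
    const char *user = NULL;
    toy_client_init(first);
    toy_client_init(second);           /* ignored: library already active */
    int rc = toy_client_start(&user);
    toy_client_done();
    toy_client_done();                 /* refcount back to 0, state reset */
    return (rc == 0 && strcmp(user, "smtp-user") == 0) ? 0 : -1;
}

int nss_first(void)  { return mail_auth_after(&nss_cbs, &mail_cbs); }  /* fails */
int mail_first(void) { return mail_auth_after(&mail_cbs, &nss_cbs); }  /* works */

int main(void) {
    printf("name service initialises first: %d\n", nss_first());
    printf("mail client initialises first:  %d\n", mail_first());
    return 0;
}
```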
Message-Id: <email address hidden>
Date: Wed, 29 Sep 2004 20:50:47 +0000
From: Daniel Betschart <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: libsasl2: re-entrance when used with libnss-ldap
Package: libsasl2
Version: 2.1.15-4
Severity: critical
Justification: breaks unrelated software
Bug #145766 describes a problem with cyrus-imap using libnss-ldap. It was closed, because it is a
problem in libsasl2, not cyrus-imap. The README.debian explains this and recommends to compile
libldap2 --without-cyrus-sasl. But this makes a lot of functionality of the package openldap2
unusable.
I cannot find a bug for libsasl2 about this re-entrance bug. Perhaps bug #220837? I assume the
problem is still there. There was a patch for libsasl7 that has been applied shortly
before Woody has been released to fix this problem in libsasl7 1.5.28-1 (see bug #139568).
For Sarge I think this problem has to be solved. Could you apply this patch from libsasl7 to
libsasl2?
Daniel
-- System Information
Debian Release: 3.0-bunk-1
Architecture: i386
Kernel: Linux eltern 2.4.22-2-k7 #1 Sun Apr 25 00:12:04 CEST 2004 i686
Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro
Versions of packages libsasl2 depends on:
ii libc6 2.2.5-11.5 GNU C Library: Shared libraries an
ii libdb3 3.2.9-16 Berkeley v3 Database Libraries [ru