cyrus-sasl2: Local privilege escalation on setuid environment (CAN-2004-0884)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
cyrus-sasl2 (Debian) |
Fix Released
|
Unknown
|
|||
cyrus-sasl2 (Ubuntu) |
Fix Released
|
High
|
Fabio Massimo Di Nitto |
Bug Description
Automatically imported from Debian bug report #275431 http://
CVE References
Debian Bug Importer (debzilla) wrote : | #1 |
Debian Bug Importer (debzilla) wrote : | #2 |
Message-ID: <email address hidden>
Date: Fri, 8 Oct 2004 01:01:34 -0300
From: Henrique de Moraes Holschuh <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: cyrus-sasl2: Local privilege escalation on setuid environment (CAN-2004-0884)
Package: cyrus-sasl2
Severity: critical
Tags: security sarge sid
Justification: root security hole
See:
http://
https:/
http://
I will upload a NMU (version -1.2) shortly.
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (990, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.28-
Locale: LANG=pt_BR, LC_CTYPE=pt_BR
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
Fabio Massimo Di Nitto (fabbione) wrote : | #3 |
Fixed with cyrus-sasl2_
In Debian Bug tracker #275431, Henrique de Moraes Holschuh (hmh) wrote : Fixed in NMU of cyrus-sasl2 2.1.19-1.2 | #4 |
tag 274087 + fixed
tag 275431 + fixed
quit
This message was generated automatically in response to a
non-maintainer upload. The .changes file follows.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 8 Oct 2004 11:15:39 -0300
Source: cyrus-sasl2
Binary: libsasl2 libsasl2-
Architecture: source i386
Version: 2.1.19-1.2
Distribution: unstable
Urgency: high
Maintainer: Dima Barsky <email address hidden>
Changed-By: Henrique de Moraes Holschuh <email address hidden>
Description:
libsasl2 - Authentication abstraction library
libsasl2-dev - Development files for authentication abstraction library
libsasl2-modules - Pluggable Authentication Modules for SASL
libsasl2-
libsasl2-
libsasl2-
sasl2-bin - Programs for manipulating the SASL users database
Closes: 274087 275431
Changes:
cyrus-sasl2 (2.1.19-1.2) unstable; urgency=high
.
* NMU, since I am not sure Dima is back yet
* SECURITY FIX: SASL_PATH environment variable must not be honoured on
setuid environments, otherwise we have a local privilege escalation
exploit (CVE: CAN-2004-0884), related advisories: RHSA-2004:546-02;
GLSA 200410-05
* upstream CVS: lib/common.c: don't honor SASL_PATH in setuid
environment. from Gentoo (CVE CAN-2004-0884); (closes: #275431)
* upstream CVS: plugins/
* upstream CVS: plugins/
plugins/
warnings
* Forward port sasl_set_alloc locking patch from SASL 1.5, to avoid
problems with the braindead idea of globals SASL has, and with libraries
that think they can get around mucking with them (hello openldap!)
(closes: #274087)
Files:
3babd0a1794f1a
e489181f0ca74c
c3509401264b09
b69a98c3039f07
0eeddbff8fee4a
82fd1fc5f09fb5
4bbce17451309f
8125b12a6cabff
e825bd4e73049b
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFBZqX97iX
9R0pq3Zge7GGyTL
=P67P
-----END PGP SIGNATURE-----
Debian Bug Importer (debzilla) wrote : | #5 |
Message-Id: <email address hidden>
Date: Fri, 08 Oct 2004 10:47:03 -0400
From: Henrique de Moraes Holschuh <email address hidden>
To: <email address hidden>
Cc: Henrique de Moraes Holschuh <email address hidden>, Dima Barsky <email address hidden>
Subject: Fixed in NMU of cyrus-sasl2 2.1.19-1.2
tag 274087 + fixed
tag 275431 + fixed
quit
This message was generated automatically in response to a
non-maintainer upload. The .changes file follows.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 8 Oct 2004 11:15:39 -0300
Source: cyrus-sasl2
Binary: libsasl2 libsasl2-
Architecture: source i386
Version: 2.1.19-1.2
Distribution: unstable
Urgency: high
Maintainer: Dima Barsky <email address hidden>
Changed-By: Henrique de Moraes Holschuh <email address hidden>
Description:
libsasl2 - Authentication abstraction library
libsasl2-dev - Development files for authentication abstraction library
libsasl2-modules - Pluggable Authentication Modules for SASL
libsasl2-
libsasl2-
libsasl2-
sasl2-bin - Programs for manipulating the SASL users database
Closes: 274087 275431
Changes:
cyrus-sasl2 (2.1.19-1.2) unstable; urgency=high
.
* NMU, since I am not sure Dima is back yet
* SECURITY FIX: SASL_PATH environment variable must not be honoured on
setuid environments, otherwise we have a local privilege escalation
exploit (CVE: CAN-2004-0884), related advisories: RHSA-2004:546-02;
GLSA 200410-05
* upstream CVS: lib/common.c: don't honor SASL_PATH in setuid
environment. from Gentoo (CVE CAN-2004-0884); (closes: #275431)
* upstream CVS: plugins/
* upstream CVS: plugins/
plugins/
warnings
* Forward port sasl_set_alloc locking patch from SASL 1.5, to avoid
problems with the braindead idea of globals SASL has, and with libraries
that think they can get around mucking with them (hello openldap!)
(closes: #274087)
Files:
3babd0a1794f1a
e489181f0ca74c
c3509401264b09
b69a98c3039f07
0eeddbff8fee4a
82fd1fc5f09fb5
4bbce17451309f
8125b12a6cabff
e825bd4e73049b
In Debian Bug tracker #275431, Sam Hartman (hartmans) wrote : Debian Kerberosish: r2292 - in cyrus-sasl2-mit: . debian/current debian/current/debian debian/current/debian/patches debian/current/p | #6 |
tags 332703 pending
tags 285605 pending
tags 276637 pending
tags 275431 pending
tags 274087 pending
tags 245818 pending
tags 248333 pending
tags 256808 pending
tags 202836 pending
tags 262339 pending
tags 242184 pending
tags 259503 pending
tags 259658 pending
tags 254818 pending
tags 253894 pending
tags 254454 pending
tags 254818 pending
tags 240714 pending
tags 232086 pending
tags 212615 pending
tags 213521 pending
tags 223253 pending
tags 202354 pending
tags 217538 pending
tags 213510 pending
tags 212945 pending
tags 212318 pending
tags 211958 pending
tags 215862 pending
tags 213510 pending
tags 212945 pending
tags 212318 pending
tags 202876 pending
tags 203096 pending
tags 202838 pending
tags 202642 pending
tags 202569 pending
tags 201893 pending
tags 192502 pending
tags 197070 pending
tags 193958 pending
tags 188716 pending
tags 166702 pending
tags 190673 pending
tags 177426 pending
tags 179810 pending
tags 178987 pending
tags 172453 pending
tags 170740 pending
tags 167858 pending
tags 167855 pending
tags 171938 pending
tags 170495 pending
tags 167876 pending
tags 166538 pending
tags 166810 pending
tags 163845 pending
tags 163042 pending
tags 164393 pending
tags 162927 pending
tags 154153 pending
tags 146543 pending
tags 156286 pending
tags 158296 pending
tags 155025 pending
tags 154965 pending
tags 151798 pending
tags 153127 pending
tags 146229 pending
tags 151796 pending
tags 146791 pending
tags 151567 pending
tags 133458 pending
tags 148693 pending
tags 131792 pending
tags 150957 pending
tags 144200 pending
tags 146982 pending
tags 147484 pending
tags 146790 pending
tags 131791 pending
tags 131792 pending
thanks
Author: hartmans
Date: 2005-12-16 21:10:04 -0500 (Fri, 16 Dec 2005)
New Revision: 2292
Added:
cyrus-
cyrus-
cyrus-
cyrus-
cyrus-
cyrus-
cyrus-
cyrus-
cyrus-
cyrus-
cyrus-
cyrus-
cyrus-
cyrus-
cyrus-
cyrus-
cyrus-
cyrus-
cyrus-
cyrus-
cyrus-
cyrus-
cyrus-
tags 332703 pending
tags 285605 pending
tags 276637 pending
tags 275431 pending
tags 274087 pending
tags 245818 pending
tags 248333 pending
tags 256808 pending
tags 202836 pending
tags 262339 pending
tags 242184 pending
tags 259503 pending
tags 259658 pending
tags 254818 pending
tags 253894 pending
tags 254454 pending
tags 254818 pending
tags 240714 pending
tags 232086 pending
tags 212615 pending
tags 213521 pending
tags 223253 pending
tags 202354 pending
tags 217538 pending
tags 213510 pending
tags 212945 pending
tags 212318 pending
tags 211958 pending
tags 215862 pending
tags 213510 pending
tags 212945 pending
tags 212318 pending
tags 202876 pending
tags 203096 pending
tags 202838 pending
tags 202642 pending
tags 202569 pending
tags 201893 pending
tags 192502 pending
tags 197070 pending
tags 193958 pending
tags 188716 pending
tags 166702 pending
tags 190673 pending
tags 177426 pending
tags 179810 pending
tags 178987 pending
tags 172453 pending
tags 170740 pending
tags 167858 pending
tags 167855 pending
tags 171938 pending
tags 170495 pending
tags 167876 pending
tags 166538 pending
tags 166810 pending
tags 163845 pending
tags 163042 pending
tags 164393 pending
tags 162927 pending
tags 154153 pending
tags 146543 pending
tags 156286 pending
tags 158296 pending
tags 155025 pending
tags 154965 pending
tags 151798 pending
tags 153127 pending
tags 146229 pending
tags 151796 pending
tags 146791 pending
tags 151567 pending
tags 133458 pending
tags 148693 pending
tags 131792 pending
tags 150957 pending
tags 144200 pending
tags 146982 pending
tags 147484 pending
tags 146790 pending
tags 131791 pending
tags 131792 pending
thanks
Author: hartmans
Date: 2005-12-16 21:10:49 -0500 (Fri, 16 Dec 2005)
New Revision: 2296
Added:
cyrus-
cyrus-
cyrus-
cyrus-
cyrus-
cyrus-
cyrus-
cyrus-
cyrus-
cyrus-
cyrus-
cyrus-
cyrus-
cyrus-
cyrus-
cyrus-
cyrus-
cyrus-
cyrus-
cyrus-
In Debian Bug tracker #275431, Adam D. Barratt (debian-bts-adam-barratt) wrote : Bugs fixed in NMU, documenting versions | #8 |
# Hi,
#
# These bugs were fixed in an NMU, but have not been acknowledged by the
# maintainers. With version tracking in the Debian BTS, it is important
# to know which version of a package fixes each bug so that they can be
# tracked for release status, so I'm closing these bugs with the
#relevant version information now
close 271146 2.10c-3.1
close 271221 0.9.14-1.1
close 273411 0.9.14-1.1
close 271673 6:6.0.6.2-1.3
close 271956 1.0-7.1
close 272245 2.04-11.2
close 273043 5.0.13-0.1
close 273338 1.2-4.2
close 273357 0.16.14-1.2
close 271221 0.9.14-1.1
close 273411 0.9.14-1.1
close 273613 1.0.5-1.1
close 273800 1.3-0.1
close 274087 2.1.19-1.2
close 275431 2.1.19-1.2
close 274106 1:19970918-12.2
close 274501 0.99.16-1.1
close 274503 0.99.17-2.1
close 274507 0.4-9.1
close 274955 0.3.35.1
close 275432 1.5.28-6.2
close 276637 2.1.19-1.4
close 276825 3.8.3-4.1
close 276851 0.61-6.1
close 278001 0.99.17-2.2
close 279483 6.1
close 279484 1.1
close 280309 1.5-9.1
close 212905 1.5-9.1
close 235681 1.5-9.1
close 236463 1.5-9.1
close 280337 3.2.0.115-7.1
close 356855 3.2.0.115-7.1
close 281282 0.9.3-2
close 282879 2.04-11.1
close 300174 1.0.0b-4.1
close 283756 0.63-1.2
close 284741 0.1.18-1.2
close 284872 0.70-pre2003112
close 284925 1.1.2-2.1
close 285058 1.2-7.1
close 347152 0.9.7.1+
close 285528 2.3.11-1.1
close 322368 2.3.11-1.1
close 285605 2.1.19-1.6
close 285628 0.8.3-1.1
close 285762 0.94-7woody4
close 289464 0.94-7woody4
close 285889 0.98.38-1.1
close 285902 20050625-0.1
close 285918 3.06-9.1
close 288966 3.06-9.1
close 326367 3.06-9.1
close 346671 3.06-9.1
close 286309 1:0.5.0-1.1
close 286633 1:0.5.0-1.1
close 286492 2.5.7-3
close 329499 2.5.7-3
close 287059 2.0.12-1.1
close 287066 2.1.1-3.1
close 314008 2.1.1-3.1
close 327992 2.1.1-3.1
close 287190 1.99.11-1.1
close 287628 0.6-10.1
close 323728 0.6-10.1
close 287629 2.0b3-13.1
close 287639 0.6.2-2.1
close 287677 1.4.8-9.1
close 206905 0.7-7.1
close 221950 0.7-7.1
close 287749 0.7-7.1
close 296526 0.7-7.1
close 317259 0.7-7.1
close 287886 0.4.2+cvs.
close 336046 0.4.2+cvs.
close 287891 2.1.8-2.1
close 326106 2.1.8-2.1
close 275651 0.6.0-8.1
close 287923 0.6.0-8.1
close 313937 0.6.0-8.1
close 324839 0.6.0-8.1
close 288158 200300506-1.1
close 288441 1.0.8-1.1
close 336944 1.0.8-1.1
close 288536 0.0.7E6F3-4.1
close 290390 0.0.7E6F3-4.1
close 295080 0.0.7E6F3-4.1
close 318375 0.0.7E6F3-4.1
close 288819 0.1.5.9+
close 288834 0.2.1-1.1
close 307036 0.2.1-1.1
close 322985 0.2.1-1.1
close 322993 0.2.1-1.1
close 288925 0.9.5+really0.
Changed in cyrus-sasl2: | |
status: | Fix Committed → Fix Released |
In Debian Bug tracker #275431, Fabian Fagerholm (fabbe-debian) wrote : Bug#275431: fixed in cyrus-sasl-2.1 2.1.22-0~pre03 | #9 |
Source: cyrus-sasl-2.1
Source-Version: 2.1.22-0~pre03
We believe that the bug you reported is fixed in the latest version of
cyrus-sasl-2.1, which is due to be installed in the Debian FTP archive:
cyrus-sasl-
to pool/main/
cyrus-sasl-
to pool/main/
cyrus-sasl-
to pool/main/
cyrus-sasl-
to pool/main/
libsasl2-
to pool/main/
libsasl2-
to pool/main/
libsasl2-
to pool/main/
libsasl2-
to pool/main/
libsasl2-
to pool/main/
libsasl2-
to pool/main/
libsasl2-
to pool/main/
libsasl2-
to pool/main/
libsasl2-
to pool/main/
libsasl2-
to pool/main/
libsasl2-
to pool/main/
libsasl2_
to pool/main/
sasl2-bin_
to pool/main/
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to <email address hidden>,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Fabian Fagerholm <email address hidden> (supplier of updated cyrus-sasl-2.1 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing <email address hidden>)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 23 Oct 2006 17:27:18 +0300
Source: cyrus-sasl-2.1
Binary: libsasl2-2 cyrus-sasl-2.1-bin libsasl2 libsasl2-2-dev sasl2-bin libsasl2-
Architecture: sour...
Automatically imported from Debian bug report #275431 http:// bugs.debian. org/275431