OpenDcHub 0.8.1 Remote Code Execution Exploit
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
opendchub (Ubuntu) |
Invalid
|
Medium
|
Unassigned | ||
Lucid |
Invalid
|
Medium
|
Manny Vindiola |
Bug Description
Binary package hint: opendchub
This was reported to full-disclosure:
http://
The exploit does not give shell in lucid version (0.8.0) but it will cause the daemon to crash:
$ gdb -q
(gdb) att 8503
Attaching to process 8503
Reading symbols from /usr/bin/
Reading symbols from /usr/lib/
Loaded symbols for /usr/lib/
Reading symbols from /lib/libdl.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libm.
Loaded symbols for /lib/libm.so.6
Reading symbols from /lib/libpthread
[Thread debugging using libthread_db enabled]
Loaded symbols for /lib/libpthread
Reading symbols from /lib/libc.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/libcrypt.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /lib/libcap.
Loaded symbols for /lib/libcap.so.2
Reading symbols from /lib/libnsl.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /lib64/
Loaded symbols for /lib64/
Reading symbols from /lib/libattr.
Loaded symbols for /lib/libattr.so.1
Reading symbols from /lib/libnss_
Loaded symbols for /lib/libnss_
Reading symbols from /lib/libnss_
Loaded symbols for /lib/libnss_
Reading symbols from /lib/libnss_
Loaded symbols for /lib/libnss_
0x00007ff5e1825f18 in poll () from /lib/libc.so.6
(gdb) c
Continuing.
Program received signal SIGPIPE, Broken pipe.
0x00007ff5e18244c0 in write () from /lib/libc.so.6
(gdb) c
Continuing.
Program received signal SIGABRT, Aborted.
0x00007ff5e177fa75 in raise () from /lib/libc.so.6
(gdb) c
Continuing.
Program terminated with signal SIGABRT, Aborted.
The program no longer exists.
I have applied a patch from upstream which solves the problem.
Package builds, installs and runs cleanly in lucid chroot.
CVE References
Changed in opendchub (Ubuntu Lucid): | |
status: | New → Triaged |
Changed in opendchub (Ubuntu Lucid): | |
assignee: | nobody → Manny Vindiola (serialorder) |
importance: | Undecided → Medium |
status: | Triaged → Incomplete |
tags: | added: patch-needswork |
Confirming due to CVE, setting importance to Medium.