diff -u sing-1.1/debian/changelog sing-1.1/debian/changelog --- sing-1.1/debian/changelog +++ sing-1.1/debian/changelog @@ -1,3 +1,20 @@ +sing (1.1-11ubuntu0.7.04.1) feisty-security; urgency=low + + * SECURITY UPDATE: (LP: #173948) + + CVE-2007-6211: Send Nasty ICMP Garbage (sing) on Debian GNU/Linux allows + local users to append to arbitrary files and gain privileges via the -L + (output log file) option. + * parser.c: + + Applied patch by Nico Golde + + Link: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454167 + * References: + CVE-2007-6211 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454167 + * debian/control: + - Updated Maintainer Field according to Ubuntu Maintainer Policy + + -- Stephan Hermann Tue, 04 Dec 2007 18:22:33 +0100 + sing (1.1-11) unstable; urgency=low * Added Italian translation of debconf templates. (Closes: #344061) diff -u sing-1.1/debian/control sing-1.1/debian/control --- sing-1.1/debian/control +++ sing-1.1/debian/control @@ -1,7 +1,8 @@ Source: sing Section: net Priority: optional -Maintainer: Alberto Gonzalez Iniesta +Maintainer: Ubuntu MOTU Developers +XSBC-Original-Maintainer: Alberto Gonzalez Iniesta Build-Depends: debhelper (>= 4.1.16), libpcap0.8-dev, libnet0-dev Standards-Version: 3.6.2.0 only in patch2: unchanged: --- sing-1.1.orig/parser.c +++ sing-1.1/parser.c @@ -75,6 +75,8 @@ struct protoent *proto; static struct mi_ifaz iface; struct sockaddr_in *aux2; + uid_t user_id; + static struct option options[] = { { "help", 0, 0, 'h' }, @@ -380,8 +382,15 @@ break; case 31: - if ( (packet->logfile = fopen(optarg, "a+")) == NULL ) - go_out_error(1, "fopen"); + user_id = getuid(); + uid_t tmp_id = geteuid(); + + seteuid(user_id); + if ( (packet->logfile = fopen(optarg, "a+")) == NULL ) + go_out_error(1, "fopen"); + + seteuid(tmp_id); + break; case 32: @@ -889,4 +898,4 @@ packet.mac_src[i] = strtol(data, (char **)NULL, 16); return 0; -} \ No newline at end of file +}