improper shell quoting

Bug #76321 reported by Kees Cook on 2006-12-18
256
Affects Status Importance Assigned to Milestone
enemies-of-carlotta (Ubuntu)
Undecided
Unassigned
Breezy
Undecided
Unassigned
Dapper
Undecided
William Grant
Edgy
Undecided
William Grant
Feisty
Undecided
Unassigned

Bug Description

Binary package hint: enemies-of-carlotta

As reported by upstream:

--Start--
Antti-Juhani Kaijanaho found a security problem in EoC, both the 1.0.3
and the 1.2.3 versions. The problem is that EoC did not quote shell
arguments properly. I have fixed the problem in 1.2.4, which contains no
other changes relative to 1.2.3. This problem has the code
CVE-2006-5875.

You can find the 1.2.4 version from the EoC website:
http://liw.iki.fi/liw/eoc/ and I have also uploaded it to Debian's
unstable.

Debian's stable contains 1.0.3, and I have prepared a patch for that. It
is actually essentially the same patch as was used to create 1.2.4. The
Debian security team has uploaded a fixed version of the 1.0.3 package
to security.debian.org. I've attached it to this message in case anyone
not running Debian wants to stay with 1.0.3, but I won't be releasing a
1.0.4 unless someone really needs it (if you do, please tell me
immediately).

For risk assessment: I was unable to come up with an exploit. Doing so
would require getting a certain kind of construct through the SMTP level
to EoC, and I wasn't able to make that happen, but I would not rely on
it being impossible. Therefore, please upgrade immediately.

I apologize for this problem. It was amateurish to let the problematic
code into a released version of the program, I knew better than do that.
--EOM--

Kees Cook (kees) wrote :

Debian debdiff attached from Lars Wirzenius.

Kees Cook (kees) on 2007-03-30
Changed in enemies-of-carlotta:
status: Unconfirmed → Rejected
status: Unconfirmed → Confirmed
status: Unconfirmed → Confirmed
status: Unconfirmed → Confirmed
Marco Rodrigues (gothicx) wrote :

Breezy support is over.. Today it's Breezy End Of Life!

Changed in enemies-of-carlotta:
status: Confirmed → Rejected
William Grant (wgrant) wrote :

Ah, our security support is so quick, isn't it? I'll hopefully be more on top of things in future.

Changed in enemies-of-carlotta:
assignee: nobody → fujitsu
status: Confirmed → In Progress
assignee: nobody → fujitsu
status: Confirmed → In Progress
William Grant (wgrant) wrote :
William Grant (wgrant) on 2007-11-13
Changed in enemies-of-carlotta:
status: New → Fix Released
Kees Cook (kees) on 2007-11-20
Changed in enemies-of-carlotta:
status: In Progress → Fix Committed
status: In Progress → Fix Committed
Kees Cook (kees) wrote :

These are published now. Thanks for the preparing the debdiffs!

Changed in enemies-of-carlotta:
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers