Ubuntu

CVE-2007-5933: Remote denial of service

Reported by William Grant on 2007-11-16
256
Affects Status Importance Assigned to Milestone
pioneers (Debian)
Fix Released
Unknown
pioneers (Ubuntu)
Undecided
William Grant
Dapper
Undecided
William Grant
Edgy
Undecided
William Grant
Feisty
Undecided
William Grant
Gutsy
Undecided
William Grant
Hardy
Undecided
William Grant

Bug Description

Binary package hint: pioneers

Pioneers (formerly gnocatan) before 0.11.3 allows remote attackers to cause a denial of service (crash) by triggering a delete operation while the Session object is still being used, as demonstrated by causing a "Broken pipe" error.

William Grant (wgrant) wrote :

Fixed in 0.11.3-2 in Debian. I'll steal the patches from sarge/etch when they're available.

Changed in pioneers:
assignee: nobody → fujitsu
status: New → Confirmed
assignee: nobody → fujitsu
status: New → Confirmed
assignee: nobody → fujitsu
status: New → Confirmed
assignee: nobody → fujitsu
status: New → Confirmed
assignee: nobody → fujitsu
status: New → In Progress
Kees Cook (kees) on 2007-11-20
Changed in pioneers:
status: In Progress → Triaged
William Grant (wgrant) wrote :

0.11.3-2 is in Hardy.

Changed in pioneers:
status: Triaged → Fix Released
William Grant (wgrant) wrote :
Changed in pioneers:
status: Confirmed → In Progress
status: Confirmed → In Progress
status: Confirmed → In Progress
status: Confirmed → In Progress
William Grant (wgrant) wrote :
William Grant (wgrant) wrote :
William Grant (wgrant) wrote :
Kees Cook (kees) wrote :

Thanks for preparing this! I've uploaded it to the security queue; it should be published shortly.

Changed in pioneers:
status: In Progress → Fix Committed
status: In Progress → Fix Committed
status: In Progress → Fix Committed
status: In Progress → Fix Committed
William Grant (wgrant) wrote :

pioneers (0.10.2-3ubuntu1.7.10) gutsy-security; urgency=low

  * SECURITY UPDATE: Denial of service by triggering delete operation on
    server while Session is in use. (LP: #163056)
  * debian/patches/CVE-2007-{5933,6010}.dpatch: Check that the session is
    unused before freeing it. Patch from upstream.
  * References
    CVE-2007-5933
    CVE-2007-6010

 -- William Grant <email address hidden> Tue, 27 Nov 2007 19:59:46 +1100

William Grant (wgrant) wrote :

pioneers (0.10.2-3ubuntu1.7.04) feisty-security; urgency=low

  * SECURITY UPDATE: Denial of service by triggering delete operation on
    server while Session is in use. (LP: #163056)
  * debian/patches/CVE-2007-{5933,6010}.dpatch: Check that the session is
    unused before freeing it. Patch from upstream.
  * References
    CVE-2007-5933
    CVE-2007-6010

 -- William Grant <email address hidden> Tue, 27 Nov 2007 20:21:13 +1100

Changed in pioneers:
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
William Grant (wgrant) on 2007-12-04
Changed in pioneers:
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
Changed in pioneers:
status: Unknown → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.