Package: osh
Version: 1.7-13sarge1

There are multiple vulnerabilities in the Operator Shell (osh). In my audit of
version 1.7-12 I found a total of 11 vulnerabilities, a large number of which
are still present in the latest stable version 1.7-13sarge1.

A detailed analysis of the vulnerabilities is available here:
http://www.phreedom.org/solar/vuln/osh/

The bugs include buffer overflows, format string bugs and race conditions.
This program is almost a textbook example of how not to write privileged Unix
applications.

I recommend removing the package from stable, or fixing all the bugs with the
following simple patch in the beginning of the main() function:

diff -ru osh-1.7-13sarge1.orig/main.c osh-1.7-13sarge1/main.c
--- osh-1.7-13sarge1.orig/main.c        2005-12-17 14:39:58.000000000 -0800
+++ osh-1.7-13sarge1/main.c     2006-12-18 00:26:09.000000000 -0800
@@ -758,6 +758,9 @@
   struct utsname un;
 #endif
 
+  printf("This program is too insecure to run as root.\n");
+  exit(1);
+
 #ifndef HAVE_SYS_UTSNAME
   gethostname(host, 16);
   if ((x=strchr(host, '.'))!=NULL)
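
Review bot: the two added lines at the top of main() run unconditionally, but the message says the program is "too insecure to run as root"; nothing in the hunk checks the effective UID, so every invocation exits with status 1 regardless of privilege. If the intent is to disable the binary outright, word the message that way and send it to stderr with fprintf(stderr, ...) so it is not swallowed or mistaken for normal output when stdout is redirected. If the intent is only to refuse privileged execution, guard the printf/exit pair with a geteuid() == 0 test placed here, before the gethostname() call and any other work.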



