Hello.

The first vulnerability (CVE-2008-6538) is not present in the Debian packages, 
since the packages include a default 'Configurator' user and instructions on 
how to change it in README.Debian, and the exploit requires prior knowledge of 
an administrator IP address that has chosen to use auto-login (disabled by 
default in Debian).

The second vulnerability (CVE-2008-6539) is a privilege escalation issue that 
is present in all Debian versions available at the moment, and here is a patch 
for oldstable that can be used until a new package is released:

---------------

diff -urN debian-bug-522123/page_user_settings.ptl 
/usr/share/destar/python/page_user_settings.ptl
--- debian-bug-522123/page_user_settings.ptl    2009-04-01 18:43:20.000000000 
-0500
+++ /usr/share/destar/python/page_user_settings.ptl     2009-04-01 
18:43:32.000000000 -0500
@@ -60,10 +60,10 @@
        form.add(StringWidget,       "cfto", cfto, title=_("Forward call when 
timeout/unavailable to"))
        form.add(IntWidget,          "dsec", dsec,         title=_("Seconds of 
incoming ring time"), maxlength=3, size=3)
 #      form.add(CheckboxWidget,     "vm",   vm,           title=_("Use voice 
mailbox"))
-       form.add(StringWidget,       "pin", phone.pin, title=_("Voicemail 
pin"), len=10)
+       form.add(StringWidget,       "pin", phone.pin, title=_("Voicemail 
pin"), maxlength=10)
        try:
                if phone.secret:
-                       form.add(StringWidget,  "secret", phone.secret, 
title=_("Extension Password"), len=10)
+                       form.add(StringWidget,  "secret", phone.secret, 
title=_("Extension Password"), maxlength=10)
        except AttributeError:
                pass
        form.add(SubmitWidget, '_submit', _("Submit"), render_br=False)
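Review bot: the `maxlength=10` that replaces `len=10` on the pin and secret StringWidgets in this hunk is rendered as an HTML attribute on the input (matching the `maxlength=3, size=3` already used for the dsec IntWidget above), so it limits what a browser lets the user type but not what arrives in a hand-built POST; the 10-character limit therefore still has to be enforced where the submitted values are read in the second hunk, and the covering mail should say whether the old `len` keyword was silently ignored or raised an error, since that determines whether this part of the change is cosmetic or a real fix.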
@@ -79,11 +79,15 @@
        manager.setVar('CFBS/%s' % phone.pbx, phone.ext, form['cfbs'] or '')
        manager.setVar('CFTO/%s' % phone.pbx, phone.ext, form['cfto'] or '')
 
-       if form["pin"]:
+       if form["pin"] and not form["pin"].__contains__("Cfg"):
                phone.pin = form["pin"]
+       else:
+               return form.render()
        try:
-               if form["secret"]:
+               if form["secret"] and not form["secret"].__contains__("Cfg"):
                        phone.secret = form["secret"]
+               else:
+                       return form.render()
        except KeyError:        
                pass
        backend.updateConfiglet(phone)
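Review bot: the new `else: return form.render()` branches change the meaning of an empty field. Before this hunk an empty `form["pin"]` (or an empty `form["secret"]`) simply left the stored value alone and fell through to `backend.updateConfiglet(phone)`; now it aborts the save after the CFBS/CFTO variables have already been written through `manager.setVar`, so a user who leaves the pin blank loses the rest of the update and gets the form back with no error explaining why. Suggest keeping the empty case as a no-op and rejecting only on the content check, e.g.

        if form["pin"]:
                if "Cfg" in form["pin"]: return form.render()
                phone.pin = form["pin"]

with the same shape for `secret` inside the existing try/except (`"Cfg" in x` is the idiomatic spelling of `x.__contains__("Cfg")`), and attaching an error message to the widget rather than re-rendering silently. The check itself is a case-sensitive deny-list on a single substring; a voicemail pin (titled "Voicemail pin" in the first hunk) can reasonably be restricted to digits and the extension password to a fixed allowed character set, which is a narrower rule that is easier to reason about than excluding one token, and the 10-character limit from the widget should be re-checked server-side here as well.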



---------------


-- 
Alejandro Rios Peña



