Your message dated Fri, 12 Aug 2011 19:54:55 +0000
with message-id <e1qrxol-0007uu...@franck.debian.org>
and subject line Bug#612034: fixed in aptitude 0.4.11.11-1~lenny2
has caused the Debian Bug report #612034,
regarding vulnerability: rewrite arbitrary user file
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
612034: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612034
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: aptitude
Version: 0.6.3-3.2ubuntu1
Severity: grave
Tags: security
Justification: user security hole
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu natty
This bug report was also filed in Ubuntu and can be found at
http://launchpad.net/bugs/607264
The description, from segooon, follows:
Binary package hint: aptitude
Hi, I've just discovered that aptitude is vulnerable to rewriting any user
(maybe root) file:
bool hier_editor::handle_key(const cw::config::key &k)
....
if(homedir.empty())
{
....
cfgfile = "/tmp/function_pkgs";
}
....
save_hier(cfgfile);
Here attacker can create link to any file in the system that user may write to.
If process has no $HOME set, this file would be overwritten.
It is rare that $HOME is null, but it such rare case it is vulnerable.
Thanks.
-- System Information:
Debian Release: squeeze/sid
APT prefers natty
APT policy: (500, 'natty')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.37-12-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
Source: aptitude
Source-Version: 0.4.11.11-1~lenny2
We believe that the bug you reported is fixed in the latest version of
aptitude, which is due to be installed in the Debian FTP archive:
aptitude-dbg_0.4.11.11-1~lenny2_amd64.deb
to main/a/aptitude/aptitude-dbg_0.4.11.11-1~lenny2_amd64.deb
aptitude-doc-cs_0.4.11.11-1~lenny2_all.deb
to main/a/aptitude/aptitude-doc-cs_0.4.11.11-1~lenny2_all.deb
aptitude-doc-en_0.4.11.11-1~lenny2_all.deb
to main/a/aptitude/aptitude-doc-en_0.4.11.11-1~lenny2_all.deb
aptitude-doc-fi_0.4.11.11-1~lenny2_all.deb
to main/a/aptitude/aptitude-doc-fi_0.4.11.11-1~lenny2_all.deb
aptitude-doc-fr_0.4.11.11-1~lenny2_all.deb
to main/a/aptitude/aptitude-doc-fr_0.4.11.11-1~lenny2_all.deb
aptitude-doc-ja_0.4.11.11-1~lenny2_all.deb
to main/a/aptitude/aptitude-doc-ja_0.4.11.11-1~lenny2_all.deb
aptitude_0.4.11.11-1~lenny2.diff.gz
to main/a/aptitude/aptitude_0.4.11.11-1~lenny2.diff.gz
aptitude_0.4.11.11-1~lenny2.dsc
to main/a/aptitude/aptitude_0.4.11.11-1~lenny2.dsc
aptitude_0.4.11.11-1~lenny2_amd64.deb
to main/a/aptitude/aptitude_0.4.11.11-1~lenny2_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 612...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jonathan Wiltshire <j...@debian.org> (supplier of updated aptitude package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 10 Aug 2011 23:30:04 +0100
Source: aptitude
Binary: aptitude aptitude-dbg aptitude-doc-cs aptitude-doc-en aptitude-doc-fi
aptitude-doc-fr aptitude-doc-ja
Architecture: source all amd64
Version: 0.4.11.11-1~lenny2
Distribution: oldstable
Urgency: low
Maintainer: Daniel Burrows <dburr...@debian.org>
Changed-By: Jonathan Wiltshire <j...@debian.org>
Description:
aptitude - terminal-based package manager
aptitude-dbg - Debug symbols for the aptitude package manager
aptitude-doc-cs - Czech manual for aptitude, a terminal-based package manager
aptitude-doc-en - English manual for aptitude, a terminal-based package manager
aptitude-doc-fi - Finnish manual for aptitude, a terminal-based package manager
aptitude-doc-fr - French manual for aptitude, a terminal-based package manager
aptitude-doc-ja - Japanese manual for aptitude, a terminal-based package
manager
Closes: 612034
Changes:
aptitude (0.4.11.11-1~lenny2) oldstable; urgency=low
.
* Non-maintainer upload.
* Backport of 0009-fix-symlink-attack:
Fix a potential symlink attack that could occur if a user
with no home directory edited and saved the package hierarchy
definitions. (Closes: #612034)
Checksums-Sha1:
25f26c6d13816261cbb5f9a9addd5b688b28b8d9 2073 aptitude_0.4.11.11-1~lenny2.dsc
6070a10431b039ff0509d88905f0f849b97e6278 33337
aptitude_0.4.11.11-1~lenny2.diff.gz
efc31c8f15a3953bf1bd8be9bcc31f86452ea462 381156
aptitude-doc-cs_0.4.11.11-1~lenny2_all.deb
8233fcb2bac37c6da007b953994ab3ed87ce3eb0 365622
aptitude-doc-en_0.4.11.11-1~lenny2_all.deb
b5d022cccadb6103e3788a5ee07972323cdb9936 270890
aptitude-doc-fi_0.4.11.11-1~lenny2_all.deb
dc09426f6857e262f95c4071bb4401164d156f4e 312906
aptitude-doc-fr_0.4.11.11-1~lenny2_all.deb
527a942105991511477b0063a435dab1ec1a8d62 375738
aptitude-doc-ja_0.4.11.11-1~lenny2_all.deb
423ef68329248b0ecf248f19261cba57e929ced2 3069180
aptitude_0.4.11.11-1~lenny2_amd64.deb
3728425fab2e9ce2ad82bbf9bbd70c2484a4e877 6068302
aptitude-dbg_0.4.11.11-1~lenny2_amd64.deb
Checksums-Sha256:
e7c0ad656ef99ae1ee32cacb6483ed7e44b4e200c8f8f051f45d7742f8de73e3 2073
aptitude_0.4.11.11-1~lenny2.dsc
47f0b7c27263950389b14c77c7065c1d9023df8ab350a42a220e7d61ae2aabec 33337
aptitude_0.4.11.11-1~lenny2.diff.gz
6217d9eff3e271336618ef35145207ca99c75099f53185f90fa8143776f01e02 381156
aptitude-doc-cs_0.4.11.11-1~lenny2_all.deb
10f4a184fb8fb8edc9011a4620273add35d827557e8dbacad7a2ce1b5d8bc733 365622
aptitude-doc-en_0.4.11.11-1~lenny2_all.deb
b8c26c6938a5445ca86939b35981ee79c5fbcb1638b7360b4a37159168a3d0c1 270890
aptitude-doc-fi_0.4.11.11-1~lenny2_all.deb
e83cfd358bceb1c68a2912b3af54885952039df689c93802292f5cc3c0742fd2 312906
aptitude-doc-fr_0.4.11.11-1~lenny2_all.deb
90e4de7365cd5fdd6bb6e8f266b82428ab971a4824dec9562819f8fb6c1e932f 375738
aptitude-doc-ja_0.4.11.11-1~lenny2_all.deb
fe12779e36c60504256602d726cf1079820028555269f4d0720075cea5206e36 3069180
aptitude_0.4.11.11-1~lenny2_amd64.deb
5fda728b8571654c39cb586921d18f0a09ba02fbf301e6757d577046fedb8833 6068302
aptitude-dbg_0.4.11.11-1~lenny2_amd64.deb
Files:
58a81700f54d431d51cfeb18cbd07816 2073 admin - aptitude_0.4.11.11-1~lenny2.dsc
52ddf5ddfeec0b8f0cfbe52ebfd49dec 33337 admin -
aptitude_0.4.11.11-1~lenny2.diff.gz
927872f69e7f13c4b5a13f79491a96da 381156 doc optional
aptitude-doc-cs_0.4.11.11-1~lenny2_all.deb
15cb038ee53fc2cd71621554fbe06b9f 365622 doc optional
aptitude-doc-en_0.4.11.11-1~lenny2_all.deb
f7706e0aa921335cf1502490f4acca20 270890 doc optional
aptitude-doc-fi_0.4.11.11-1~lenny2_all.deb
0356d6dbd2008361445db5a5be3a034b 312906 doc optional
aptitude-doc-fr_0.4.11.11-1~lenny2_all.deb
6b63919abf5cb97a251b1f98f4269c27 375738 doc optional
aptitude-doc-ja_0.4.11.11-1~lenny2_all.deb
505107b383b57ce457c8c4611c24ffdd 3069180 admin important
aptitude_0.4.11.11-1~lenny2_amd64.deb
43f6388cf2ee3bb4c4ba417dd0562e12 6068302 devel extra
aptitude-dbg_0.4.11.11-1~lenny2_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBAgAGBQJORPXYAAoJEFOUR53TUkxRq1UP/1lDt12C2zgPUv0lnNRNQBm5
6ie36efZdAr0cqNbop+V84w9S6KOcCLeysPXa1KcIZJHTbvya0wdOGIE5VP6KFft
R75rhGadTfp5KqnRM+XAVoCvtdjhvqgXvd/K038RAr/GCj9RmkZFB5AXKUuv+824
A5rOY5J+EsaIJ5ZvzXO9EgSxxhk0XInDu705HHrwLM/LWBJsTzA/fVk1qLH28SHl
hj5RTuYE7gb45bqiKWQMxlL1rF4J91NrEfw7Y0MYlPZiTcvEc68m9f5TLnkylABc
LH4zJA/lQlzJVxhofsd7ZFCZgbvnHv0jIWOsspbN1SVA0ByplF9VM0SmICLh48Cs
EvGWdjBmeYqTS/f8u+di8wOaRiqjcrTcNnn1h7Z27iTLXC0Y0fRPzNbNUe3sYefO
gXlbA4LkR5o8zgUQixgHEq6XWH4Pt22OHGvH+0DnnA+aEXMI0wyJmxbV22lRLs2w
2veHBuwLt7IgqtptQryGfqfQzShE/YOXZDBT01VraoZ0jygh/XUlzPfW2yZ52P+R
aJWGk4b+kB8ZKJ8guSagHuY8AzCz3kthZrRTnyf7sV5oB78PHEbqwOjpXxxXlR2i
qk4aue8WbYhrKdXKGhV6PHneu0/Hqbt1msofyFCFAtugUg/r1glQG5NIbJ/eJGie
As9tfU/RQEpzT8ApKT4M
=lt+I
-----END PGP SIGNATURE-----
--- End Message ---
