Your message dated Fri, 12 Aug 2011 19:54:59 +0000
with message-id <e1qrxop-0007wd...@franck.debian.org>
and subject line Bug#612034: fixed in aptitude 0.6.3-3.2+squeeze1
has caused the Debian Bug report #612034,
regarding vulnerability: rewrite arbitrary user file
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
612034: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612034
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: aptitude
Version: 0.6.3-3.2ubuntu1
Severity: grave
Tags: security
Justification: user security hole
User: ubuntu-de...@lists.ubuntu.com
Usertags: origin-ubuntu natty

This bug report was also filed in Ubuntu and can be found at
http://launchpad.net/bugs/607264
The description, from segooon, follows:

Binary package hint: aptitude

Hi, I've just discovered that aptitude is vulnerable to rewriting any user 
(maybe root) file:

bool hier_editor::handle_key(const cw::config::key &k)
....
      if(homedir.empty())
        {
....
          cfgfile = "/tmp/function_pkgs";
        }
....
      save_hier(cfgfile);

Here an attacker can create a link to any file in the system that the user may write to. 
If the process has no $HOME set, this file would be overwritten.

It is rare that $HOME is null, but in such a rare case it is vulnerable.

Thanks.

-- System Information:
Debian Release: squeeze/sid
  APT prefers natty
  APT policy: (500, 'natty')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.37-12-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash



--- End Message ---
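
The predictable-name problem described in the report above, beside one way to close it. This is an added example, not aptitude's code or its actual patch: `save_following_links`, `save_exclusive` and `victim_after_save` are hypothetical names, and the scenario is constructed inside a private scratch directory made with `mkdtemp`.

```cpp
#include <fcntl.h>
#include <unistd.h>
#include <cstdlib>
#include <fstream>
#include <iostream>
#include <iterator>
#include <string>

// Write data to an already-opened descriptor, then close it.
static bool write_all(int fd, const std::string &data) {
  if (fd < 0) return false;
  bool ok = write(fd, data.data(), data.size()) == (ssize_t)data.size();
  close(fd);
  return ok;
}

// Pattern from the report: a fixed name opened with O_CREAT|O_TRUNC follows a
// link that already sits at that name and truncates whatever it points to.
bool save_following_links(const std::string &path, const std::string &data) {
  return write_all(open(path.c_str(), O_WRONLY | O_CREAT | O_TRUNC, 0600), data);
}

// Hardened variant (an assumption, not aptitude's fix): O_CREAT|O_EXCL fails
// with EEXIST if the name exists at all, even as a symlink, so nothing is followed.
bool save_exclusive(const std::string &path, const std::string &data) {
  int fd = open(path.c_str(), O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
  return write_all(fd, data);
}

// Constructed scenario: "function_pkgs" is a pre-existing link to victim.txt.
// Returns the victim file's content after one save attempt through that name.
std::string victim_after_save(bool hardened) {
  char tmpl[] = "/tmp/symlink_demo_XXXXXX";
  if (!mkdtemp(tmpl)) return "<setup failed>";
  std::string dir = tmpl, victim = dir + "/victim.txt", fixed = dir + "/function_pkgs";
  { std::ofstream out(victim); out << "important"; }
  if (symlink(victim.c_str(), fixed.c_str()) != 0) return "<setup failed>";
  if (hardened) save_exclusive(fixed, "hierarchy data");
  else save_following_links(fixed, "hierarchy data");
  std::ifstream in(victim);
  std::string result((std::istreambuf_iterator<char>(in)), std::istreambuf_iterator<char>());
  unlink(fixed.c_str()); unlink(victim.c_str()); rmdir(dir.c_str());
  return result;
}

int main() {
  std::cout << "following links: " << victim_after_save(false) << "\n";
  std::cout << "exclusive create: " << victim_after_save(true) << "\n";
}
```

An exclusive create on a fixed name still lets another local user block the save by occupying the name first; a per-user directory or a `mkstemp`-generated name avoids that as well.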
--- Begin Message ---
Source: aptitude
Source-Version: 0.6.3-3.2+squeeze1

We believe that the bug you reported is fixed in the latest version of
aptitude, which is due to be installed in the Debian FTP archive:

aptitude-dbg_0.6.3-3.2+squeeze1_amd64.deb
  to main/a/aptitude/aptitude-dbg_0.6.3-3.2+squeeze1_amd64.deb
aptitude-doc-cs_0.6.3-3.2+squeeze1_all.deb
  to main/a/aptitude/aptitude-doc-cs_0.6.3-3.2+squeeze1_all.deb
aptitude-doc-en_0.6.3-3.2+squeeze1_all.deb
  to main/a/aptitude/aptitude-doc-en_0.6.3-3.2+squeeze1_all.deb
aptitude-doc-es_0.6.3-3.2+squeeze1_all.deb
  to main/a/aptitude/aptitude-doc-es_0.6.3-3.2+squeeze1_all.deb
aptitude-doc-fi_0.6.3-3.2+squeeze1_all.deb
  to main/a/aptitude/aptitude-doc-fi_0.6.3-3.2+squeeze1_all.deb
aptitude-doc-fr_0.6.3-3.2+squeeze1_all.deb
  to main/a/aptitude/aptitude-doc-fr_0.6.3-3.2+squeeze1_all.deb
aptitude-doc-ja_0.6.3-3.2+squeeze1_all.deb
  to main/a/aptitude/aptitude-doc-ja_0.6.3-3.2+squeeze1_all.deb
aptitude-gtk_0.6.3-3.2+squeeze1_amd64.deb
  to main/a/aptitude/aptitude-gtk_0.6.3-3.2+squeeze1_amd64.deb
aptitude_0.6.3-3.2+squeeze1.debian.tar.gz
  to main/a/aptitude/aptitude_0.6.3-3.2+squeeze1.debian.tar.gz
aptitude_0.6.3-3.2+squeeze1.dsc
  to main/a/aptitude/aptitude_0.6.3-3.2+squeeze1.dsc
aptitude_0.6.3-3.2+squeeze1_amd64.deb
  to main/a/aptitude/aptitude_0.6.3-3.2+squeeze1_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 612...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jonathan Wiltshire <j...@debian.org> (supplier of updated aptitude package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 10 Aug 2011 23:30:04 +0100
Source: aptitude
Binary: aptitude aptitude-gtk aptitude-dbg aptitude-doc-cs aptitude-doc-en aptitude-doc-es aptitude-doc-fi aptitude-doc-fr aptitude-doc-ja
Architecture: source amd64 all
Version: 0.6.3-3.2+squeeze1
Distribution: stable
Urgency: low
Maintainer: Daniel Burrows <dburr...@debian.org>
Changed-By: Jonathan Wiltshire <j...@debian.org>
Description: 
 aptitude   - terminal-based package manager (terminal interface only)
 aptitude-dbg - Debug symbols for the aptitude package manager
 aptitude-doc-cs - Czech manual for aptitude, a terminal-based package manager
 aptitude-doc-en - English manual for aptitude, a terminal-based package manager
 aptitude-doc-es - Spanish manual for aptitude, a terminal-based package manager
 aptitude-doc-fi - Finnish manual for aptitude, a terminal-based package manager
 aptitude-doc-fr - French manual for aptitude, a terminal-based package manager
 aptitude-doc-ja - Japanese manual for aptitude, a terminal-based package manager
 aptitude-gtk - terminal-based package manager (GUI and terminal interfaces)
Closes: 612034
Changes: 
 aptitude (0.6.3-3.2+squeeze1) stable; urgency=low
 .
   * Non-maintainer upload.
   * Backport of 0009-fix-symlink-attack:
     Fix a potential symlink attack that could occur if a user
     with no home directory edited and saved the package hierarchy
     definitions. (Closes: #612034)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

-----END PGP SIGNATURE-----



--- End Message ---
