Bug#1039689: rsh-client: Command injection in netkit-rcp
Package: rsh-client
Version: 0.17-24
Severity: grave
Tags: security

Dear Maintainer,

netkit-rcp, shipped for Debian in the rsh-client package (https://packages.debian.org/bookworm/rsh-client), is vulnerable to a command injection. I am reaching out to you as I could not find the upstream URL of the developers (I think the project may be unmaintained). Moritz Mühlenhoff confirmed there was no upstream for it.

Details:

Tested on rsh-client version 0.17-24:

```
$ apt showsrc rsh-client
Package: netkit-rsh
Binary: rsh-client, rsh-server
Version: 0.17-24
Maintainer: Debian QA Group
[...]
```

Any of the "fN" (files) or "directory" options of the netkit-rcp command line can be used to inject commands. Below is an example injecting a "whoami" command:

```
$ ltrace /usr/bin/netkit-rcp "test" ";whoami"
getopt(3, 0x7ffd134ccc38, "dfprt") = -1
getservbyname("shell", "tcp") = 0x7f1846a37dc0
getuid() = 1000
getpwuid(1000, 0x7f18469f62ff, 0, 0x7f18469322f7) = 0x7f1846a36a00
snprintf("rcp", 64, "rcp%s%s%s", "", "", "") = 3
signal(SIGPIPE, 0x55c473e09bbc) = 0
strlen("test") = 4
strlen(";whoami") = 7
malloc(38) = 0x55c47528fed0
snprintf("/bin/cp test ;whoami", 38, "%s%s%s %s %s", "/bin/cp", "", "", "test", ";whoami") = 20
vfork(0x55c47528fed0, 0x55c473e0b14f, 0, 1) = 0x3967b2
signal(SIGINT, 0x1) = 0
signal(SIGQUIT, 0x1) = 0
wait(0x7ffd134cca40/bin/cp: missing destination file operand after 'test'
Try '/bin/cp --help' for more information.
kali                      <== "whoami" result
--- SIGCHLD (Child exited) ---
<... wait resumed> ) = 3762098
signal(SIGINT, 0) = 0x1
signal(SIGQUIT, 0) = 0x1
free(0x55c47528fed0) =
exit(0
+++ exited (status 0) +++
```

The faulty code is located in susystem() in rcp/rcp.c:

```
412 static int
413 susystem(const char *s)
414 {
415     int status, pid, w;
416     sighandler istat, qstat;
417
418     if ((pid = vfork()) == 0) {
419         const char *args[4];
420         const char **argsfoo;
421         char **argsbar;
422         if (setuid(userid)) {
423             fprintf(stderr, "rcp: child: setuid: %s\n",
424                 strerror(errno));
425             _exit(1);
426         }
427         args[0] = "sh";
428         args[1] = "-c";
429         args[2] = s;
430         args[3] = NULL;
431         /* Defeat C type system to permit passing char ** to execve */
432         argsfoo = args;
433         memcpy(&argsbar, &argsfoo, sizeof(argsfoo));
434         execve(_PATH_BSHELL, argsbar, saved_environ);
435         _exit(127);
436     }
```

A child process is executing "sh -c" (l.434) with no filtering of user input. Note that /usr/bin/netkit-rcp is a root SUID binary on Debian but that the above code drops privileges before executing the command, preventing privilege escalation (l. 422).

There still is a risk, as an attacker able to manipulate filenames of either sources or destination could use it to execute arbitrary commands.

IMO the "sh -c" approach is bad and should be replaced with more secure API calls to execv("/bin/cp", args) or equivalent.

Best regards,

-- System Information: Distr
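The replacement suggested at the end of the report, sketched as an added example (not code from netkit-rcp or from the reporter): `run_cp` is a hypothetical helper that hands the two names to `/bin/cp` as separate argv entries, so no shell ever parses them. The file names used in the check are constructed.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical replacement for susystem("/bin/cp src dst"): no shell.
 * Returns cp's exit status, or -1 if the child could not be run. */
static int run_cp(const char *src, const char *dst)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* "--" ends option parsing; ';', '|', '$' stay literal bytes. */
        char *const argv[] = { "cp", "--", (char *)src, (char *)dst, NULL };
        if (setuid(getuid()) != 0)  /* privilege drop, as in the original child */
            _exit(126);
        execv("/bin/cp", argv);
        _exit(127);                 /* exec failed */
    }
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Constructed check: copy to a destination whose name contains shell
 * syntax. Returns 1 if it became one literal file and nothing else ran. */
static int demo_literal_destination(void)
{
    char dir[] = "/tmp/rcpdemoXXXXXX";
    const char *dst = "d;touch marker";   /* constructed hostile name */
    FILE *f;
    if (!mkdtemp(dir) || chdir(dir) != 0 || !(f = fopen("src", "w")))
        return -1;
    fputs("data\n", f);
    fclose(f);
    if (run_cp("src", dst) != 0)
        return -1;
    return access(dst, F_OK) == 0 && access("marker", F_OK) != 0;
}

int main(void)
{
    printf("destination treated literally: %d\n", demo_literal_destination());
    return 0;
}
```

With the `sh -c` string from the report, the same destination name would be split at the `;` and the second half run as a command.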
Bug#176280: cxhextris: launching cxhextris crashes panel
Package: cxhextris
Version: 1.0-22
Severity: normal

Launching cxhextris from the gnome launcher panel crashes the panel. Other applications launched this way do not crash panel.

-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux synergy 2.4.18 #1 Wed Aug 7 06:05:11 CDT 2002 i686
Locale: LANG=C, LC_CTYPE=

Versions of packages cxhextris depends on:
ii debconf 1.2.20 Debian configuration management sy
ii libc6 2.2.5-14.3 GNU C Library: Shared libraries an
ii xlibs 4.2.1-3 X Window System client libraries

-- debconf information:
cxhextris/move_scorefile: true
Bug#871954: /usr/bin/apt-rdepends: ITA: apt-rdepends --recursive dependencies utility
Package: apt-rdepends
Severity: normal
File: /usr/bin/apt-rdepends

Dear Maintainer,

I would like to adopt this package. I would be able to start work immediately. I purposely selected an orphan because I intend to use this to learn the process and get familiar with the community.

Regards,
Jeffrey

-- System Information:
Distributor ID: BunsenLabs
Description: BunsenLabs GNU/Linux 8.7 (Hydrogen)
Release: 8.7
Codename: bunsen-hydrogen
Architecture: x86_64
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Bug#888229: patch for above 'cow'
made a patch that appears to implement the above 'cow' hopefully this helps Jeff Cliff --- /dev/null +++ b/cows/fox.cow @@ -0,0 +1,18 @@ +$the_cow = < + <.._=/ \\=_. > + {`\\()/`}`\\ + { } \\ + |{}\\ + \\ '--' .- \\ + |- /\\ + | | | | | ; + | | |.;.,..__ | + .-"";` `| + /| / + `-../,..---'` +EOC --- a/debian/copyright +++ b/debian/copyright @@ -31,6 +31,10 @@ Copyright: 1999 Geordan Rosario License: COWSAY +Files: cows/fox.cow +Copyright: 2019 Hansen Wu +License: COWSAY + Files: cows/gnu.cow cows/suse.cow Copyright: 2006 Gerfried Fuchs License: WTFPL-2
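Review bot: In the cows/fox.cow hunk, the first added line reads `$the_cow = <`, which is not a complete heredoc opener, so the closing `EOC` line has nothing to terminate; it should read `$the_cow = <<EOC;` (or the quoted form the other cows use). The header `@@ -0,0 +1,18 @@` also promises 18 added lines while only 13 `+` lines are visible here, so the hunk will not apply as shown. Please resend it as an attachment so the art and its backslashes arrive intact.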
Bug#888229: better formatted patch
TIL about quilt headers. Looks like this one matches all the other cows: Description: add a fox 'cow' Origin: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888229#5 Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888229 --- /dev/null +++ b/cows/fox.cow @@ -0,0 +1,18 @@ +$the_cow = < + <.._=/ \\=_. > + {`\\()/`}`\\ + { } \\ + |{}\\ + \\ '--' .- \\ + |- /\\ + | | | | | ; + | | |.;.,..__ | + .-"";` `| + /| / + `-../,..---'` +EOC --- a/debian/copyright +++ b/debian/copyright @@ -31,6 +31,10 @@ Copyright: 1999 Geordan Rosario License: COWSAY +Files: cows/fox.cow +Copyright: 2019 Hansen Wu +License: COWSAY + Files: cows/gnu.cow cows/suse.cow Copyright: 2006 Gerfried Fuchs License: WTFPL-2
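Review bot: The debian/copyright hunk does not belong in this quilt patch. Patches carrying a Description/Origin/Bug-Debian header are applied to the upstream tree, while files under debian/ are edited directly in the packaging, so keep only the cows/fox.cow hunk here and make the `Files: cows/fox.cow` stanza an ordinary change to debian/copyright. The Origin field points back at this bug while the stanza credits Hansen Wu, so a pointer to where the art was first published would let the `License: COWSAY` claim be checked.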
Bug#1009338: PowerPC and Package 'b43-fwcutter' has no installation candidate
Package: b43-fwcutter
Version: 1:019-7
X-Debbugs-CC: glaub...@physik.fu-berlin.de
Tags: sid

I am working on an old PowerMac G5 running Debian Sid. I am trying to install firmware-b43-installer. It is having some trouble. I'm not sure how to fix it. I'm going to report it and then ask some questions over at the kernel's b43 mailing list (http://lists.infradead.org/mailman/listinfo/b43-dev).

# apt-get install firmware-b43-installer
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 firmware-b43-installer : Depends: b43-fwcutter (>= 1:019-7) but it is not installable
E: Unable to correct problems, you have held broken packages.

And then

# apt-get install b43-fwcutter
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Package b43-fwcutter is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source

E: Package 'b43-fwcutter' has no installation candidate

$ apt-cache show b43-fwcutter
N: Can't select versions from package 'b43-fwcutter' as it is purely virtual
N: No packages found

$ apt-cache search b43-fwcutter
$

$ lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux bookworm/sid
Release: unreleased
Codename: sid

$ uname -a
Linux PowerMac 5.16.0-6-powerpc64 #1 SMP Debian 5.16.18-1 (2022-03-29) ppc64 GNU/Linux
Bug#491476: amavis-stats: Error with img path and COMMENT enddate strings
Forgot to remove some changes before sending the patch... sorry. Jeff Green wrote: Package: amavis-stats Version: 0.1.12-7.3 Severity: important ... snip... asDbg($opts); -$ret = rrd_graph("/usr/share/amavis-stats/$img" , $opts, count($opts)); +$ret = rrd_graph("$img" , $opts, count($opts)); if (!is_array($ret)) { $err = rrd_error(); The above modification was in there for debugging purposes and are not needed. Only the COMMENT changes were needed to make it work. @@ -769,7 +769,7 @@ } */ $opts[] = "COMMENT:amavis-stats v$asVersion "; -$opts[] = "COMMENT:$enddate" . str_replace(":", "\:", $enddate) . " \\r"; +//$opts[] = "COMMENT:$enddate" . str_replace(":", "\:", $enddate) . " \\r"; /* * debugging - graph definitions @@ -777,7 +777,7 @@ asDbg($opts); $start = microtime(); -$ret = rrd_graph("/usr/share/amavis-stats/$img" , $opts, count($opts)); +$ret = rrd_graph("$img" , $opts, count($opts)); $t = elapsed($start); if (!is_array($ret)) { $err = rrd_error(); Ditto for the above changed line. -jeff -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
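Review bot: In the hunk at `@@ -769,7 +769,7 @@`, commenting out the `COMMENT:$enddate` line drops the end date from the graph instead of fixing the string. The original line emits the date twice, once unescaped through `$enddate` inside the quotes and once through `str_replace(":", "\:", $enddate)`, and the unescaped colons are the likely cause of the error; consider `$opts[] = "COMMENT:" . str_replace(":", "\:", $enddate) . " \\r";` so only the escaped copy reaches rrd_graph. The `rrd_graph("$img", ...)` change in the following hunk is described in the message as a debugging leftover and should be dropped before the patch is applied.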
Bug#414159: siege manpage var asg example inconsistent with actual usage in urls.txt
Package: siege
Version: 2.65-3
Severity: minor

The siege manpage has the example:

HOST = homer.whoohoo.com
http://${HOST}/index.html

which does not work in actuality with the urls.txt file due to the spaces surrounding the equals (=) sign. Inclusion of spaces does not work for me while the absence does.

So, either the manpage needs to be changed to reflect the behavior or the parsing of the urls.txt file needs to be changed to handle spaces.

-- System Information:
Debian Release: 4.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: powerpc (ppc)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-1-powerpc
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages siege depends on:
ii libc6 2.3.6.ds1-11 GNU C Library: Shared libraries
ii libssl0.9.8 0.9.8c-4 SSL shared libraries

siege recommends no packages.

-- no debconf information
Bug#442165: apt-spy: Destroys sources.list file
Package: apt-spy
Version: 3.1-16
Severity: important

*** Please type your report below this line ***

apt-spy -d etch destroyed my sources.list file, replacing it with "(null)" lines. Now I have to rebuild sources.list from memory :-(

-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-4-amd64
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages apt-spy depends on:
ii libc6 2.3.6.ds1-13etch2 GNU C Library: Shared libraries
ii libcurl3 7.15.5-1etch1 Multi-protocol file transfer libra

apt-spy recommends no packages.

-- no debconf information
Bug#854746: pm-utils
Package: pm-utils
Version: 1.4.1-15

I'd like to report a regression in the pm-hibernate command, which stopped working when I upgraded my Dell T5500. I am running jessie. pm-hibernate worked until about two weeks ago when I did an apt-get upgrade. Now, the machine fails to turn off. I have two displays. One does turn off. The other does not. X shuts down and the vT goes blank but the cursor still flashes. And the CPU power does not turn off.

Thanks,
Jeff (http://engineering.purdue.edu/~qobi)