[<prev] [next>] [day] [month] [year] [list]
Message-ID: <3F415CB8.9080801@SySS.de>
Date: Tue, 19 Aug 2003 01:09:44 +0200
From: Carl-Daniel Hailfinger <hailfinger-lists@...s.de>
To: bugtraq@...urityfocus.com
Cc: Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: [Advisory] SECURITY BUG in BitKeeper
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
SySS Security Advisory
Date: 2003-07-25 (Published 2003-08-19)
Author: Carl-Daniel Hailfinger <hailfinger-lists@...S.de>
SySS GmbH
72070 Tübingen / Germany
Phone: +49-7071-407856-0
http://www.syss.de
Permanent URL: http://www.syss.de/advisories.php?id=7&year=2003
Application: BitKeeper
Affected versions: All versions <3.0.2
Application notes: BitKeeper is an advanced source code control system
like CVS, see http://www.bitkeeper.com
Vendor status: The vendor of BitKeeper is aware of the problem and has
documented it since at least two years. BitMover has been contacted by me
on 2003-07-25.
Type: Configuration error: insecure by default, fix is documented
Description: Certain parts of the trigger functionality in BitKeeper can
be abused by an attacker if a user accepts a patch containing specially
crafted files.
Severity: Critical.
Affected persons: Any user running bitkeeper and accepting patches from
outside of a trusted network - possibly the majority of Linux Kernel
developers.
Additional notes: I have an exploit readily available.
Because of the severity of this issue, BitMover has been contacted and is
working with SySS and the BK users to resolve the issue before exposing
the details of the problem. There will be a followup security advisory in
2-4 weeks, after people feel that the problem has been contained; the
followup will disclose the details of the problem.
Workaround: If you are worried about it you can add
export BK_NO_TRIGGERS=YES
to your .profile and the trigger functionality will be disabled.
Regards,
Carl-Daniel
- --
Carl-Daniel Hailfinger
Security Consultant
SySS GmbH
Friedrich-Dannenmann-Str. 2
D-72070 Tuebingen
Phone: +49-7071-407856-0
Mail: hailfinger-lists@...s.de
http://www.syss.de
Key fingerprint: B35E 0E38 9A18 3B25 209F 002E 4743 1599 A495 B6E5
-----BEGIN PGP SIGNATURE-----
iD4DBQE/QVyyR0MVmaSVtuURAq+uAJ0bE5rl7Khcz6R2T+hM8NJH/9fLqACY+J/T
z5E2BbUC9xxR4IR4LdOxcw==
=p2oN
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists