lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <3F415CB8.9080801@SySS.de>
Date: Tue, 19 Aug 2003 01:09:44 +0200
From: Carl-Daniel Hailfinger <hailfinger-lists@...s.de>
To: bugtraq@...urityfocus.com
Cc: Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: [Advisory] SECURITY BUG in BitKeeper


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SySS Security Advisory

Date: 2003-07-25 (Published 2003-08-19)

Author: Carl-Daniel Hailfinger <hailfinger-lists@...S.de>
        SySS GmbH
        72070 Tübingen / Germany
        Phone: +49-7071-407856-0
        http://www.syss.de

Permanent URL: http://www.syss.de/advisories.php?id=7&year=2003

Application: BitKeeper

Affected versions: All versions <3.0.2

Application notes: BitKeeper is an advanced source code control system
like CVS, see http://www.bitkeeper.com

Vendor status: The vendor of BitKeeper is aware of the problem and has
documented it since at least two years. BitMover has been contacted by me
on 2003-07-25.

Type: Configuration error: insecure by default, fix is documented

Description: Certain parts of the trigger functionality in BitKeeper can
be abused by an attacker if a user accepts a patch containing specially
crafted files.

Severity: Critical.

Affected persons: Any user running bitkeeper and accepting patches from
outside of a trusted network - possibly the majority of Linux Kernel
developers.

Additional notes: I have an exploit readily available.

Because of the severity of this issue, BitMover has been contacted and is
working with SySS and the BK users to resolve the issue before exposing
the details of the problem.  There will be a followup security advisory in
2-4 weeks, after people feel that the problem has been contained; the
followup will disclose the details of the problem.

Workaround: If you are worried about it you can add
	export BK_NO_TRIGGERS=YES
to your .profile and the trigger functionality will be disabled.


Regards,
Carl-Daniel

- --
Carl-Daniel Hailfinger
Security Consultant
SySS GmbH
Friedrich-Dannenmann-Str. 2
D-72070 Tuebingen
Phone: +49-7071-407856-0
Mail: hailfinger-lists@...s.de
http://www.syss.de
Key fingerprint: B35E 0E38 9A18 3B25 209F  002E 4743 1599 A495 B6E5

-----BEGIN PGP SIGNATURE-----

iD4DBQE/QVyyR0MVmaSVtuURAq+uAJ0bE5rl7Khcz6R2T+hM8NJH/9fLqACY+J/T
z5E2BbUC9xxR4IR4LdOxcw==
=p2oN
-----END PGP SIGNATURE-----



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ