lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20040622041940.GB5213@nautile.hinterhof.net>
From: max at hinterhof.net (Max Vozeler)
Subject: [SECURITY] [DSA 139-1] New super packages fix local root exploit

Hi GOBBLES,

On Mon, Jun 21, 2004 at 06:02:21AM -0700, gobbles@...hmail.com wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi list!@ hehehehe ;PPpPPPPPp
> 
> It appear Max Vozeler who wrap he packages for he debian friends did
> travel back in time with he timemachine of many speed. Friend GOBBLES
> not buy into whole space/time discussion ;PPpPPPP

I'm afraid I'm not currently able to use any such time travel technology
for my Debian work, as there is no free software implementation nor free
documentation of this proprietary technology. If you, GOBBLES, could
provide your avantgardist insights into this topic and contribute any
proof-of-concept time travel codez or sniffer logs you may have under a
free license, that would be wonderful.

> But anyways here
> is friend GOBBLES of old! From he hushmail electronic mail of 2002.

.. in the meantime. I have no idea where you got this idea from, as a
simple diff of the Debian source packages would have told you otherwise.
The vulnerability you found in 2002 is a different thing, but see below
for the code, which speaks a much clearer language.

=========================================
"Yours", 2002:
>    --- super-3.16.1.orig/error.c
>    +++ super-3.16.1/error.c
>    @@ -168,12 +168,12 @@
>     void rsyslog P__(( unsigned int level, char *fmt, ... ));
> 
>     #define OpenLog(prog, opt, fac) ropenlog((prog), (opt), (fac), error_rlog_host)
>    -#define SysLog(pri, buf) rsyslog((pri), (buf))
>    +#define SysLog(pri, buf) rsyslog((pri), "%s", (buf))

super (3.18.0-3) unstable; urgency=critical

  * SECURITY FIX for local root exploit reported recently on the BugTraq
    list (closes: #154982).

 -- Robert Luberda <robert@...ian.org>  Thu,  1 Aug 2002 06:56:13 +0200
=========================================

=========================================
"Mine", 2004:
> --- super-3.22.2/super.c-orig	2004-06-22 05:55:54.000000000 +0200
> +++ super-3.22.2/super.c	2004-06-22 05:56:01.000000000 +0200
> @@ -1140,7 +1140,7 @@
>  	    (localinfo.mail_success == -1 && globalinfo.mail_success==0))
>  	error_command = NULL;
>      error_stderr = 0;
> -    Error(0, 0, logbuf);
> +    Error(0, 0, "%s", logbuf);
>      error_stderr = e;
>      error_command = ec;
>  } 
(the diff is untested)

super (3.23.0-1) unstable; urgency=high

  * New upstream version:
    + fixed format string vulnerability (CAN-2004-0579) 
      found by Max Vozeler <max@...terhof.net>.
  * Added debian/watch file.

 -- Robert Luberda <robert@...ian.org>  Fri, 18 Jun 2004 22:40:17 +0200
=========================================

Have a nice day.

Cheers,
Max

-- 
308E81E7B97963BCA0E6ED889D5BD511B7CDA2DC
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040622/088694a6/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ