Bug 132427

Summary: [vuxml] [patch] net/netatalk: document and fix CVE-2008-5718
Product: Ports & Packages
Reporter: Eygene Ryabinkin <rea-fbsd>
Component: Individual Port(s)
Assignee: Martin Wilke <miwi>
Status: Closed FIXED
Severity: Affects Only Me
Priority: Normal
Version: Latest
Hardware: Any
OS: Any
Attachments:
Description                              Flags
fix-CVE-2008-5718.diff                   none
2.0.3-add-missing-spool-dirrmtry.diff    none

Description Eygene Ryabinkin 2009-03-08 19:20:05 UTC
There is an arbitrary code execution vulnerability in the papd daemon
from netatalk: (mainly) malicious PostScript files can inject shell
commands if papd is configured to perform variable substitution while
filtering incoming PostScript content.

Fix: The following patch combines 3 upstream hunks that should fix
the vulnerability.  I have tested only the patch's compilability and
inspected the patch logic -- it looks sane.  Note that the
third hunk was reverted in the CVS repository for netatalk for
an unknown reason.  But the patch should be present, otherwise
command injection will still be possible.

The following VuXML entry should be evaluated and added.
  <vuln vid="3604780c-0c0f-11de-b26a-001fc66e7203">
    <topic>netatalk -- arbitrary command execution in papd daemon</topic>
    <affects>
      <package>
        <name>netatalk</name>
        <range><lt>2.0.3_5,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
        <p>Secunia reports:</p>
        <blockquote
          cite="http://secunia.com/advisories/33227">
          <p>A vulnerability has been reported in Netatalk, which
          potentially can be exploited by malicious users to compromise
          a vulnerable system.</p>
          <p>The vulnerability is caused due to the papd daemon
          improperly sanitising several received parameters before
          passing them in a call to "popen()". This can be exploited to
          execute arbitrary commands via a specially crafted printing
          request.</p>
          <p>Successful exploitation requires that a printer is
          configured to pass arbitrary values as parameters to a piped
          command.</p>
        </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2008-5718</cvename>
      <bid>32925</bid>
      <url>http://www.openwall.com/lists/oss-security/2009/01/13/3</url>
    </references>
    <dates>
      <discovery>2009-01-15</discovery>
      <entry>TODAY</entry>
    </dates>
  </vuln>
--- vuln.xml ends here ---

While I am here, I want to add a simple patch that removes the spool
directories for the CUPS interface that are created if CUPS is installed
on the system when one builds the netatalk port and thus CUPS support is
activated by the configure script.
How-To-Repeat: 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5718
http://www.openwall.com/lists/oss-security/2009/01/13/3
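
The advisory quoted in the description attributes the flaw to papd substituting received parameters into a command string passed to popen(). The C code below is an added example, not netatalk's code and not the patch attached to this PR: it expands a printer command template while neutralising client-supplied values, and the escapes %u and %j, the function names and the sample inputs are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Bytes with no special meaning to /bin/sh (which popen() invokes).
 * '-' is left out so a value can never be read as a command option. */
static int shell_inert(unsigned char c)
{
    return c != '\0' && (strchr("._@+", c) != NULL ||
           (c >= '0' && c <= '9') || (c >= 'a' && c <= 'z') ||
           (c >= 'A' && c <= 'Z'));
}

/* Expand the hypothetical escapes %u (user) and %j (job title) from the
 * administrator's template into out. Client-supplied values are copied
 * with every byte outside the allowlist replaced by '_'.
 * Returns 0 on success, -1 on overflow or an unknown escape. */
int build_filter_cmd(const char *tmpl, const char *user, const char *job,
                     char *out, size_t outlen)
{
    size_t n = 0;
    const char *p, *v;

    for (p = tmpl; *p != '\0'; p++) {
        if (*p != '%') {                 /* trusted template text */
            if (n + 1 >= outlen) return -1;
            out[n++] = *p;
            continue;
        }
        p++;
        if (*p == 'u') v = user;
        else if (*p == 'j') v = job;
        else return -1;                  /* also catches a trailing '%' */
        for (; *v != '\0'; v++) {        /* untrusted client value */
            if (n + 1 >= outlen) return -1;
            out[n++] = shell_inert((unsigned char)*v) ? *v : '_';
        }
    }
    if (n >= outlen) return -1;
    out[n] = '\0';
    return 0;
}

int main(void)
{
    char cmd[128];
    /* Constructed input: a job title carrying shell metacharacters. */
    if (build_filter_cmd("lpr -U %u -J %j", "alice", "x; echo injected",
                         cmd, sizeof cmd) == 0)
        puts(cmd);   /* prints: lpr -U alice -J x__echo_injected */
    return 0;
}
```

Only the string built this way would be handed to popen(); a failed expansion (return value -1) should abort the job instead of running a truncated command.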
Comment 1 Martin Wilke freebsd_committer freebsd_triage 2009-03-08 20:49:17 UTC
Responsible Changed
From-To: freebsd-ports-bugs->miwi

I'll take it.
Comment 2 dfilter service freebsd_committer freebsd_triage 2009-03-18 15:05:13 UTC
miwi        2009-03-18 15:05:04 UTC

  FreeBSD ports repository

  Modified files:
    security/vuxml       vuln.xml 
  Log:
  - Document netatalk -- arbitrary command execution in papd daemon
  
  PR:             based on 132427
  Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>
  
  Revision  Changes    Path
  1.1890    +34 -1     ports/security/vuxml/vuln.xml
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 3 dfilter service freebsd_committer freebsd_triage 2009-03-18 16:39:15 UTC
miwi        2009-03-18 16:39:04 UTC

  FreeBSD ports repository

  Modified files:
    net/netatalk         Makefile 
  Added files:
    net/netatalk/files   patch-CVE-2008-5718 
  Log:
  - Fix CVE-2008-5718
  
  PR:             132427
  Submitted by:   Eygene Ryabinkin <rea-fbsd@codelabs.ru>
  Approved by:    marcus (maintainer)
  Security:       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5718
                  http://www.openwall.com/lists/oss-security/2009/01/13/3
  
  Revision  Changes    Path
  1.78      +1 -1      ports/net/netatalk/Makefile
  1.1       +143 -0    ports/net/netatalk/files/patch-CVE-2008-5718 (new)
Comment 4 Martin Wilke freebsd_committer freebsd_triage 2009-03-18 16:39:16 UTC
State Changed
From-To: open->closed

Committed. Thanks!