Debian Bug report logs - #307360
oops: Format string vulnerability in database auth handling (CAN-2005-1121)

Package: oops; Maintainer for oops is (unknown);

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Mon, 2 May 2005 20:03:14 UTC

Severity: grave

Tags: fixed, patch, security

Fixed in version oops/1.5.23.cvs-3

Done: Reinhard Tartler <siretart@tauware.de>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, security@debian.org, Michael Zehrer <zehrer@zepan.org>:
Bug#307360; Package oops.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to security@debian.org, Michael Zehrer <zehrer@zepan.org>.

Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: oops: Format string vulnerability in database auth handling (CAN-2005-1121)
Date: Mon, 02 May 2005 21:51:45 +0200

Package: oops
Severity: grave
Tags: security patch sid woody
Justification: user security hole

[Cc:ing security@, should affect woody as well]
[Severity is under the assumption that code execution is possible]

A format string vulnerability in the auth() function for SQL database
user handling possibly permits execution of arbitrary code. For full
details please see: http://rst.void.ru/papers/advisory24.txt

The advisory contains an obviously correct patch. Package is not
part of Sarge due to long-standing portability problems.

Cheers,
        Moritz

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)



Information forwarded to debian-bugs-dist@lists.debian.org, Michael Zehrer <zehrer@zepan.org>:
Bug#307360; Package oops.

Acknowledgement sent to Martin Schulze <joey@infodrom.org>:
Extra info received and forwarded to list. Copy sent to Michael Zehrer <zehrer@zepan.org>.

Message #10 received at submit@bugs.debian.org:

From: Martin Schulze <joey@infodrom.org>
To: Moritz Muehlenhoff <jmm@inutil.org>
Cc: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Re: Bug#307360: oops: Format string vulnerability in database auth handling (CAN-2005-1121)
Date: Fri, 6 May 2005 07:12:57 +0200

Moritz Muehlenhoff wrote:
> Package: oops
> Severity: grave
> Tags: security patch sid woody
> Justification: user security hole
> 
> [Cc:ing security@, should affect woody as well]

It does.

> A format string vulnerability in the auth() function for SQL database
> user handling possibly permits execution of arbitrary code. For full
> details please see: http://rst.void.ru/papers/advisory24.txt
> 
> The advisory contains an obviously correct patch. Package is not
> part of Sarge due to long-standing portability problems.

This is

======================================================
Candidate: CAN-2005-1121
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1121
Reference: MISC:http://rst.void.ru/papers/advisory24.txt
Reference: BID:13172
Reference: URL:http://www.securityfocus.com/bid/13172
Reference: GENTOO:GLSA-200505-02
Reference: URL:http://security.gentoo.org/glsa/glsa-200505-02.xml
Reference: XF:oops-format-string(20191)
Reference: URL:http://xforce.iss.net/xforce/xfdb/20191

Format string vulnerability in the my_xlog function in lib.c for Oops!
Proxy Server 1.5.23 and earlier, as called by the auth functions in
the passwd_mysql and passwd_pgsql modules, may allow attackers to
execute arbitrary code via a URL.

Please
 . update the package in sid
 . mention the CVE id from above in the changelog
 . tell me the version number of the fixed package
 . use priority=high

Regards,

	Joey

-- 
If nothing changes, everything will remain the same.  -- Barne's Law

Please always Cc to me when replying to me on the lists.
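
The bug class named in the CVE text above, shown as an added example that is not part of this bug log or of the Oops! source. `demo_xlog`, `log_auth_failure` and `count_conversions` are hypothetical names, and the log message wording is an assumption; the point is that a printf-style logger must receive request-derived text as an argument to `%s`, never as the format itself.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style logger such as my_xlog. It writes
 * into a caller buffer so the result can be inspected. The format attribute
 * lets GCC/Clang warn on non-literal formats (-Wformat -Wformat-security). */
__attribute__((format(printf, 3, 4)))
static int demo_xlog(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* Audit helper: count conversion specifiers in an untrusted string.
 * "%%" is a literal percent sign and is not counted. */
static int count_conversions(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') { s++; continue; }
        n++;
    }
    return n;
}

/* Hardened call site: the user-supplied name is data, the format is a literal.
 * The vulnerable pattern would be demo_xlog(out, outlen, user), which makes
 * the logger interpret any '%' sequences the client sent. */
static int log_auth_failure(char *out, size_t outlen, const char *user)
{
    return demo_xlog(out, outlen, "auth failed for user '%s'", user);
}

int main(void)
{
    char buf[128];
    const char *user = "alice%x%x%n"; /* constructed sample input */
    log_auth_failure(buf, sizeof buf, user);
    printf("%s (conversions in input: %d)\n", buf, count_conversions(user));
    return 0;
}
```

Building with `-Wformat -Wformat-security` makes the compiler flag any remaining call that passes a non-literal string as the format argument.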



Tags removed: sid Request was from Joey Hess <joeyh@debian.org> to control@bugs.debian.org.

Tags removed: woody Request was from Joey Hess <joeyh@debian.org> to control@bugs.debian.org.

Tags added: fixed Request was from Neil McGovern <neilm@debian.org> to control@bugs.debian.org.

Reply sent to Reinhard Tartler <siretart@tauware.de>:
You have taken responsibility.

Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer.

Message #21 received at 307360-done@bugs.debian.org:

From: Reinhard Tartler <siretart@tauware.de>
To: 307360-done@bugs.debian.org
Subject: Fixed in oops 1.5.23.cvs-3
Date: Thu, 26 Jan 2006 15:06:08 +0100

I forgot to mention this bug in the changelog.



Bug marked as fixed in version 1.5.23.cvs-3, send any further explanations to Moritz Muehlenhoff <jmm@inutil.org> Request was from Reinhard Tartler <siretart@tauware.de> to control@bugs.debian.org.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 26 Jun 2007 02:19:23 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 16:27:51 2014; Machine Name: buxtehude.debian.org
