Debian Bug report logs - #338920
migrationtools: Insecure handling of temporary files


Package: migrationtools; Maintainer for migrationtools is Jonas Smedegaard <dr@jones.dk>; Source for migrationtools is src:migrationtools.

Reported by: Jason Hoover <jason@tinicumartandscience.org>

Date: Sun, 13 Nov 2005 20:33:01 UTC

Severity: critical

Tags: fixed, patch, security

Found in version migrationtools/46-1

Fixed in version 46-2.1

Done: "Adam D. Barratt" <debian-bts@adam-barratt.org.uk>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Jonas Smedegaard <dr@jones.dk>:
Bug#338920; Package migrationtools.

Acknowledgement sent to Jason Hoover <jason@tinicumartandscience.org>:
New Bug report received and forwarded. Copy sent to Jonas Smedegaard <dr@jones.dk>.

Message #5 received at submit@bugs.debian.org:

From: Jason Hoover <jason@tinicumartandscience.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: migrationtools: Insecure handling of temporary files
Date: Sun, 13 Nov 2005 15:26:37 -0500
Package: migrationtools
Version: 46-1
Severity: critical
Tags: security
Justification: root security hole


Migrationtools leaves insecure temporary files containing information from /etc/shadow.

When it fails to add information, it creates files like nis.<bunchofnumbers>.ldif which are world 
readable. This can contain encrypted passwords from /etc/shadow, and by default, includes the root
account (unless you modify migrate_common.ph with minuid).

This is probably a bad thing(tm).

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.14-686-smp
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages migrationtools depends on:
ii  ldap-utils [openldap-utils]   2.2.23-8   OpenLDAP utilities
ii  perl                          5.8.4-8    Larry Wall's Practical Extraction 

-- no debconf information



Information forwarded to debian-bugs-dist@lists.debian.org, Jonas Smedegaard <dr@jones.dk>:
Bug#338920; Package migrationtools.

Acknowledgement sent to Martin Samuelsson <debianbts@cos.user.lysator.liu.se>:
Extra info received and forwarded to list. Copy sent to Jonas Smedegaard <dr@jones.dk>.

Message #10 received at 338920@bugs.debian.org:

From: Martin Samuelsson <debianbts@cos.user.lysator.liu.se>
To: Debian Bug Tracking System <338920@bugs.debian.org>
Cc: control@bugs.debian.org
Subject: Re: migrationtools: Insecure handling of temporary files
Date: Fri, 18 Nov 2005 19:26:51 +0100
tags 338920 + patch
thanks,

Jason Hoover @ 2005-11-13 (Sunday), 15:26 (-0500)
> Migrationtools leaves insecure temporary files containing information from /etc/shadow.

Attached is a patch that calls mktemp at appropriate places. I took the
liberty to change the variable names used from TMPDIR to TEMPDIR, as the
first one has a special meaning.

During a test run it seemed to still work for me, without leaving any
world readable files around.
--
/Martin
[migrationtools-46-securetmp.diff (text/plain, attachment)]
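As an added illustration (not code from migrationtools or from the attached patch), the shell below puts the pattern Jason describes, a PID-named dump written under the caller's umask, next to the mktemp-based pattern Martin's patch introduces, plus a check an auditor can run for leftover readable dumps. The function names, the TEMPDIR default of /tmp and the constructed LDIF generator are assumptions.

```shell
# TMPDIR is deliberately not reused: mktemp -t and other tools read it.
TEMPDIR="${TEMPDIR:-/tmp}"

# Constructed stand-in for the migrate_*.pl scripts: emits one LDIF entry
# carrying a shadow-style hash. The hash value is made up.
fake_migrate_passwd() {
    printf 'dn: uid=root,ou=People,dc=example,dc=com\n'
    printf 'userPassword: {crypt}$1$constructed$notarealhash\n'
}

# Pattern from the report: predictable name built from the PID, created by
# shell redirection under the caller's umask (022 gives mode 0644), so
# every local user can read the hashes if the file is left behind.
unsafe_dump() {
    out="$TEMPDIR/nis.$$.ldif"
    fake_migrate_passwd > "$out" || return 1
    printf '%s\n' "$out"
}

# Pattern from the patch: mktemp chooses an unpredictable name and creates
# the file atomically with mode 0600, independent of umask.
safe_dump() {
    out=$(mktemp "$TEMPDIR/nis.XXXXXX") || return 1
    fake_migrate_passwd > "$out" || return 1
    printf '%s\n' "$out"
}

# Octal permission bits, portable across GNU stat and BSD stat.
mode_of() {
    if stat -c '%a' "$1" >/dev/null 2>&1; then
        stat -c '%a' "$1"
    else
        stat -f '%Lp' "$1"
    fi
}

# Audit check: succeeds only when nobody but the owner can read the dump.
owner_only() {
    case "$(mode_of "$1")" in
        600|400) return 0 ;;
        *) return 1 ;;
    esac
}

# Find leftover dumps from the vulnerable pattern that other users can read.
find_exposed_dumps() {
    find "$TEMPDIR" -maxdepth 1 -name 'nis.*.ldif' -perm -004 2>/dev/null
}
```

Pair safe_dump with `trap 'rm -f "$out"' EXIT` in the calling script so that an ldapadd failure removes the dump instead of leaving it behind.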

Tags added: patch Request was from Martin Samuelsson <debianbts@cos.user.lysator.liu.se> to control@bugs.debian.org.

Information forwarded to debian-bugs-dist@lists.debian.org, Jonas Smedegaard <dr@jones.dk>:
Bug#338920; Package migrationtools.

Acknowledgement sent to Stephen Gran <sgran@debian.org>:
Extra info received and forwarded to list. Copy sent to Jonas Smedegaard <dr@jones.dk>.

Message #17 received at 338920@bugs.debian.org:

From: Stephen Gran <sgran@debian.org>
To: 338920@bugs.debian.org
Subject: Patch for NMU for this bug
Date: Sun, 29 Jan 2006 15:19:46 +0000
Hello,

Since this bug is trivial to fix, and has been open for two months, I am
going to fix it by NMU.  If you are unhappy with anything about the NMU,
please override it.

Thanks,
-- 
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                        sgran@debian.org |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------
[migrationtools.patch (text/plain, attachment)]

Tags added: fixed Request was from Stephen Gran <sgran@debian.org> to control@bugs.debian.org.

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#338920; Package migrationtools.

Acknowledgement sent to Jonas Smedegaard <dr@jones.dk>:
Extra info received and forwarded to list.

Message #24 received at 338920@bugs.debian.org:

From: Jonas Smedegaard <dr@jones.dk>
To: Stephen Gran <sgran@debian.org>, 338920@bugs.debian.org
Subject: Re: Bug#338920: Patch for NMU for this bug
Date: Mon, 30 Jan 2006 13:27:46 +0100

On Sun, 29 Jan 2006 15:19:46 +0000
Stephen Gran <sgran@debian.org> wrote:

> Since this bug is trivial to fix, and has been open for two months, I
> am going to fix it by NMU.  If you are unhappy with anything about
> the NMU, please override it.

I am fine with the fix (and embarrassed that I didn't find time to do
it myself for so long). Thanks a lot for your help here!


 - Jonas

-- 
* Jonas Smedegaard - idealist and Internet architect
* Tel.: +45 40843136  Website: http://dr.jones.dk/

 - The end is near: http://www.shibumi.org/eoti.htm



Bug marked as fixed in version 46-2.1, send any further explanations to Jason Hoover <jason@tinicumartandscience.org> Request was from "Adam D. Barratt" <debian-bts@adam-barratt.org.uk> to control@bugs.debian.org.

Message sent on to Jason Hoover <jason@tinicumartandscience.org>:
Bug#338920.

Message #29 received at 338920-submitter@bugs.debian.org:

From: "Adam D. Barratt" <debian-bts@adam-barratt.org.uk>
Subject: Bugs fixed in NMU, documenting versions
Date: Sun, 22 Oct 2006 23:09:18 +0100
# Hi,
#
# These bugs were fixed in an NMU, but have not been acknowledged by the
# maintainers.  With version tracking in the Debian BTS, it is important
# to know which version of a package fixes each bug so that they can be
# tracked for release status, so I'm closing these bugs with the
# relevant version information now

close 331601 0.11.3-1.3
close 331607 0.11.3-1.3
close 332216 2005.08.R1-1.1
close 332237 0.11.3-1.4
close 332389 3.1.2-0.1
close 332424 2.6.1-6sarge1
close 325490 0.7.1-1.1
close 332451 0.7.1-1.1
close 332507 0.4.5+cvs20030824-1.5
close 332702 1.5-2.1
close 332703 2.1.19-1.7
close 332808 2.0.12-1.5
close 332896 2.6.2.pre2-1.1
close 333035 0.12-8.1
close 342420 0.12-8.1
close 333046 2.2-5.1
close 333460 1.0-23.2
close 333857 1.0-23.2
close 333885 1.0.20040603-1.1
close 340743 1.0.20040603-1.1
close 334252 20031130-2.1
close 334320 1.4.2-5.1
close 334651 3.0-4.1
close 335126 0.5.3-1.1
close 335144 3.1.1-4.1
close 335146 0.2-1.1
close 335252 0.4.0-1.1
close 335274 0.13-3.2
close 335567 0.4.5+cvs20030824-1.6
close 335719 3.0.cvs20050714-1.1
close 335842 3.10-1.1
close 336168 1.4-2.1
close 336312 0.2.4-4.1
close 336485 2.1.19.dfsg1-0.3
close 379846 2.1.19.dfsg1-0.3
close 336535 2005.08.R1-1.2
close 336710 1:3.2.6-2.1
close 337246 1.0.1-6.1
close 337453 0.9b3-2.1
close 337495 2.09-2sarge1
close 337576 20.0-1.1
close 337593 1.1.3-5.1
close 339192 1.1.3-5.1
close 346695 1.1.3-5.1
close 347154 1.1.3-5.1
close 337708 1.20-2.1
close 337711 0.5-0.2
close 338327 1.9-11.1
close 340076 1.9-11.1
close 345223 1.9-11.1
close 338370 1.35-4.1
close 338432 2.3.3-6.2
close 338483 0.95-1.3
close 338537 1.6-1.1
close 338920 46-2.1
close 339024 4.2.24-1.1
close 341234 4.2.24-1.1
close 339073 1.5.19-20+sarge1
close 339103 0.5.0-1.1
close 339187 6:6.2.4.5-0.3
close 339220 0.6.5-2
close 339225 1.0.4-1.2
close 339226 2.6.1-2.2
close 339236 2.6.2.pre2-1.2
close 339241 1.2.2-4.1
close 339250 6.4-1.1
close 339267 4.2.0-8.1
close 339268 0.7.2-1.1
close 339280 0.1.5.9+cvs.2004.02.07-3.3
close 339711 2.0pl5-19.4
close 339806 0.8pre1-6.1
close 339835 2.11b-1.4
close 340010 1.3-2.2
close 340084 1:1.2.3-9.1
close 340163 0.2.9-5.1
close 340174 0.99.44-0.1
close 340516 1.1.6-2.1
close 340577 1.1.0.20050815-2.1
close 341011 1.8-1.1
close 341975 0.70.1-1.1
close 342035 0.70.1-1.1
close 342322 9.4.2-2.5
close 346188 9.4.2-2.5
close 347153 9.4.2-2.5
close 343035 0.3b.19990815-3.1
close 343771 4.3.9-2.1
close 343782 1.3.13.1-4.1
close 343795 0.5.8-0.1
close 343804 0.3.7-4.1
close 343912 0.0.4-2.1
close 343989 8.4.11-1.1
close 344029 2.1-5.1
close 344254 2.0.9-3.2
close 344447 0.79-3.1
close 344503 9.4.2-2.7
close 345737 2.1.19-1.8
close 345880 2.1.19-1.8
close 344742 0.1.14-1.1




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 24 Jun 2007 19:51:19 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Apr 21 12:35:27 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.