Debian Bug report logs - #386182
CVE-2006-4305: remote arbitrary code execution

Package: maxdb-webtools; Maintainer for maxdb-webtools is (unknown);

Reported by: Stefan Fritsch <sf@sfritsch.de>

Date: Tue, 5 Sep 2006 20:03:55 UTC

Severity: critical

Tags: security

Done: Martin Kittel <debian@martin-kittel.de>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Martin Kittel <debian@martin-kittel.de>:
Bug#386182; Package maxdb-webtools. Full text and rfc822 format available.

Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Martin Kittel <debian@martin-kittel.de>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Stefan Fritsch <sf@sfritsch.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2006-4305: remote arbitrary code execution
Date: Tue, 05 Sep 2006 21:47:31 +0200
Package: maxdb-webtools
Severity: critical
Tags: security

A vulnerability has been found in MaxDB (CVE-2006-4305):

Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote
attackers to execute arbitrary code via a long database name when
connecting via a WebDBM client.

See e.g.
http://secunia.com/advisories/21677
for details


Severity critical because I assume it starts WebDBM by default ("introduces a
security hole on systems where you install the package"). If this is not the
case, it is only "grave".



Information forwarded to debian-bugs-dist@lists.debian.org, Martin Kittel <debian@martin-kittel.de>:
Bug#386182; Package maxdb-webtools. Full text and rfc822 format available.

Acknowledgement sent to "Steinar H. Gunderson" <sgunderson@bigfoot.com>:
Extra info received and forwarded to list. Copy sent to Martin Kittel <debian@martin-kittel.de>. Full text and rfc822 format available.

Message #10 received at 386182@bugs.debian.org (full text, mbox):

From: "Steinar H. Gunderson" <sgunderson@bigfoot.com>
To: Stefan Fritsch <sf@sfritsch.de>
Cc: 386182@bugs.debian.org
Subject: Re: CVE-2006-4305: remote arbitrary code execution
Date: Thu, 21 Sep 2006 01:09:53 +0200
On Tue, Sep 05, 2006 at 09:47:31PM +0200, Stefan Fritsch wrote:
> Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote
> attackers to execute arbitrary code via a long database name when
> connecting via a WebDBM client.

FWIW, this is also fixed in 7.5.00.38, as far as I can see. It's available
from

  http://ftp.sunet.se/pub/unix/databases/relational/mysql/Downloads/MaxDB/7.5.00/maxdb-source-7_5_00_38.tgz           

but I can't the Debian patches to apply cleanly. I'll have a stab at finding
the required fix, but given the size of the changesets between these
sub-revisions, I'm not sure I'll find it.

/* Steinar */
-- 
Homepage: http://www.sesse.net/



Information forwarded to debian-bugs-dist@lists.debian.org, Martin Kittel <debian@martin-kittel.de>:
Bug#386182; Package maxdb-webtools. Full text and rfc822 format available.

Acknowledgement sent to debian@martin-kittel.de:
Extra info received and forwarded to list. Copy sent to Martin Kittel <debian@martin-kittel.de>. Full text and rfc822 format available.

Message #15 received at 386182@bugs.debian.org (full text, mbox):

From: debian@martin-kittel.de
To: <sgunderson@bigfoot.com>
Cc: <386182@bugs.debian.org>
Subject: AW: Bug#386182: CVE-2006-4305: remote arbitrary code execution
Date: Thu, 21 Sep 2006 07:58:03 +0200
Hi,

I am trying to prepare 7.5.00.38, too, but am having difficulties getting it to compile.
But I do have the changeset to fix the overflow, and if I can't get build 38 done by the week-end I will try and apply the fix against 7.5.00.34.

Thanks for your effort.

Martin.



Tags added: pending Request was from Martin Kittel <debian@martin-kittel.de> to control@bugs.debian.org. Full text and rfc822 format available.

Reply sent to Martin Kittel <debian@martin-kittel.de>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Stefan Fritsch <sf@sfritsch.de>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #22 received at 386182-done@bugs.debian.org (full text, mbox):

From: Martin Kittel <debian@martin-kittel.de>
To: 386182-done@bugs.debian.org
Subject: Fixed by upload of 7.5.00.34-5
Date: Sat, 07 Oct 2006 19:35:36 +0200
The bug has been fixed in 7.5.00.34-5. Due to a typo in the changelog
the bug was not closed automatically.




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 19 Jun 2007 03:28:21 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 20:14:29 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.