Acknowledgement sent to Steve Kemp <skx@debian.org>:
New Bug report received and forwarded. Copy sent to Yu Guanghui <ygh@debian.org>.
Package: unicon-imc2
Version: 3.0.4-11
Severity: grave
Usertags: sourcescan
*** Please type your report below this line ***
CVE-2007-2835 : Allows local root compromise via zhcon.
Anyway, the setuid(0) zhcon application links to this library,
which contains a buffer overflow which may be used to gain root.
(Actually any application using this library can be exploited;
this is the only setuid one I could spot.)
The source of this problem is ./unicon/ImmModules/cce/CCE_pinyin.c:
    static int
    IMM_Flush ()
    {
        char name[256];
        sprintf(name,"%s/.pyinput/usrphrase.tab",getenv("HOME"));
        SaveUsrPhrase(name);
        sprintf(name,"%s/.pyinput/sysfrequency.tab",getenv("HOME"));
        SavePhraseFrequency(name);
        return 1;
    }
There are similar problems in the file /unicon/ImmModules/cce/xl_pinyin.c
too.
Steve
--
# Commercial Debian GNU/Linux Support
http://www.linux-administration.org/
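
The unbounded sprintf() into name[256] shown in the report above, rewritten with a length check, as an added example that is not part of the original report and is not the patch Debian shipped. build_user_path() and flush_paths() are hypothetical names, and the save routines are left out because their code is not on this page.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_LEN 256 /* size of name[] in the reported IMM_Flush() */

/* Hypothetical helper: write "<home>/.pyinput/<file>" into out.
 * Returns 0 on success; -1 (with out emptied) when home is unset,
 * not an absolute path, or the result would not fit in outlen bytes. */
int build_user_path(char *out, size_t outlen, const char *home, const char *file)
{
    int n;

    if (out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';
    if (home == NULL || file == NULL || home[0] != '/')
        return -1;              /* getenv("HOME") may return NULL */
    n = snprintf(out, outlen, "%s/.pyinput/%s", home, file);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';          /* refuse a truncated path, do not use it */
        return -1;
    }
    return 0;
}

/* Hypothetical bounded counterpart of the path handling in IMM_Flush():
 * both paths must fit before either file would be written. */
int flush_paths(const char *home, char *usr, char *freq, size_t len)
{
    if (build_user_path(usr, len, home, "usrphrase.tab") != 0)
        return 0;
    if (build_user_path(freq, len, home, "sysfrequency.tab") != 0)
        return 0;
    return 1;
}

int main(void)
{
    char usr[NAME_LEN], freq[NAME_LEN];

    /* HOME is caller-controlled; a setuid program could instead take the
     * directory from getpwuid(getuid()) and still needs the length check. */
    if (!flush_paths(getenv("HOME"), usr, freq, sizeof usr)) {
        fprintf(stderr, "HOME unset or too long, not saving\n");
        return 1;
    }
    printf("%s\n%s\n", usr, freq);
    return 0;
}
```

With a 256-byte buffer the longest HOME that still fits is 232 bytes for usrphrase.tab and 229 bytes for sysfrequency.tab; anything longer is rejected instead of being written past the end of the buffer.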
Information forwarded to debian-bugs-dist@lists.debian.org, Yu Guanghui <ygh@debian.org>: Bug#431336; Package unicon-imc2.
Acknowledgement sent to Steve Kemp <skx@debian.org>:
Extra info received and forwarded to list. Copy sent to Yu Guanghui <ygh@debian.org>.
Tags added: security
Request was from Touko Korpela <tkorpela@phnet.fi>
to control@bugs.debian.org.
(Sun, 01 Jul 2007 21:06:05 GMT)
Tags added: patch
Request was from Touko Korpela <tkorpela@phnet.fi>
to control@bugs.debian.org.
(Sun, 01 Jul 2007 21:06:06 GMT)
Bug marked as fixed in version 3.0.4-11etch1.
Request was from Touko Korpela <tkorpela@phnet.fi>
to control@bugs.debian.org.
(Fri, 20 Jul 2007 23:09:02 GMT)
Reply sent to Yu Guanghui <ygh@debian.org>:
You have taken responsibility.
Notification sent to Steve Kemp <skx@debian.org>:
Bug acknowledged by developer.
Source: unicon
Source-Version: 3.0.4-12
We believe that the bug you reported is fixed in the latest version of
unicon, which is due to be installed in the Debian FTP archive:
unicon-imc2_3.0.4-12_i386.deb
to pool/main/u/unicon/unicon-imc2_3.0.4-12_i386.deb
unicon_3.0.4-12.diff.gz
to pool/main/u/unicon/unicon_3.0.4-12.diff.gz
unicon_3.0.4-12.dsc
to pool/main/u/unicon/unicon_3.0.4-12.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 431336@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Yu Guanghui <ygh@debian.org> (supplier of updated unicon package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 06 Aug 2007 13:50:51 +0800
Source: unicon
Binary: unicon-imc2
Architecture: source i386
Version: 3.0.4-12
Distribution: unstable
Urgency: low
Maintainer: Yu Guanghui <ygh@debian.org>
Changed-By: Yu Guanghui <ygh@debian.org>
Description:
unicon-imc2 - Chinese Input Method Library
Closes: 431336
Changes:
unicon (3.0.4-12) unstable; urgency=low
.
* Merged CVE-2007-2835 to unstable. (Closes:Bug#431336)
Files:
208ba9b1abe26852dbe8e016ff4f2504 593 utils optional unicon_3.0.4-12.dsc
5615bce4b7c9544764d2e9bae7b9a6df 15934 utils optional unicon_3.0.4-12.diff.gz
42c5f502a17a93394a7f0ebffbb3cf0f 4151994 utils optional unicon-imc2_3.0.4-12_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGtriaKNPoKRflcycRAojoAJ9230xGlLWPFHcvXJoRZE6zaGcR+gCfXZ+C
Kpb9rIyItTqXtuCP+PsljuU=
=VQWt
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Thu, 27 Dec 2007 07:28:55 GMT)