Report forwarded to debian-bugs-dist@lists.debian.org, Peter Makholm <peter@makholm.net>: Bug#443913; Package inotify-tools.
(full text, mbox, link).
Acknowledgement sent to Nico Golde <nion@debian.org>:
New Bug report received and forwarded. Copy sent to Peter Makholm <peter@makholm.net>.
(full text, mbox, link).
Package: inotify-tools
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for inotify-tools.
CVE-2007-5037[0]:
| Buffer overflow in the inotifytools_snprintf function in
| src/inotifytools.c in the inotify-tools library before 3.11 allows
| context-dependent attackers to execute arbitrary code via a long
| filename.
If you fix this vulnerability please also include the CVE id
in your changelog entry.
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5037
Kind regards
Nico
--
Nico Golde - http://ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
tag 443913 patch etch
thanks
This problem is fixed in unstable by uploading the new upstream
version (3.11-1). A fix for etch is awaitng the security team.
Patch for version 3.3-1 attached
//Makholm
diff -Naur inotify-tools-3.3-orig/libinotifytools/src/inotifytools.c inotify-tools-3.3/libinotifytools/src/inotifytools.c
--- inotify-tools-3.3-orig/libinotifytools/src/inotifytools.c 2006-10-29 09:44:06.000000000 +0100
+++ inotify-tools-3.3/libinotifytools/src/inotifytools.c 2007-09-25 07:49:10.768454036 +0200
@@ -1634,7 +1634,7 @@
if ( ch1 == 'w' ) {
if ( filename ) {
- strncpy( &out[ind], filename, MAX_STRLEN - ind );
+ strncpy( &out[ind], filename, size - ind );
ind += strlen(filename);
}
++i;
@@ -1643,7 +1643,7 @@
if ( ch1 == 'f' ) {
if ( eventname ) {
- strncpy( &out[ind], eventname, MAX_STRLEN - ind );
+ strncpy( &out[ind], eventname, size - ind );
ind += strlen(eventname);
}
++i;
@@ -1652,7 +1652,7 @@
if ( ch1 == 'e' ) {
eventstr = inotifytools_event_to_str( event->mask );
- strncpy( &out[ind], eventstr, MAX_STRLEN - ind );
+ strncpy( &out[ind], eventstr, size - ind );
ind += strlen(eventstr);
++i;
continue;
@@ -1675,7 +1675,7 @@
timestr[0] = 0;
}
- strncpy( &out[ind], timestr, MAX_STRLEN - ind );
+ strncpy( &out[ind], timestr, size - ind );
ind += strlen(timestr);
++i;
continue;
@@ -1684,7 +1684,7 @@
// Check if next char in fmt is e
if ( i < strlen(fmt) - 2 && fmt[i+2] == 'e' ) {
eventstr = inotifytools_event_to_str_sep( event->mask, ch1 );
- strncpy( &out[ind], eventstr, MAX_STRLEN - ind );
+ strncpy( &out[ind], eventstr, size - ind );
ind += strlen(eventstr);
i += 2;
continue;
Tags added: patch, etch
Request was from Peter Makholm <peter@makholm.net>
to control@bugs.debian.org.
(Tue, 25 Sep 2007 08:00:16 GMT) (full text, mbox, link).
Bug marked as fixed in version 3.11-1.
Request was from Nico Golde <nion@debian.org>
to control@bugs.debian.org.
(Thu, 27 Sep 2007 11:51:04 GMT) (full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org, Peter Makholm <peter@makholm.net>: Bug#443913; Package inotify-tools.
(full text, mbox, link).
Acknowledgement sent to kurt@roeckx.be (Kurt Roeckx):
Extra info received and forwarded to list. Copy sent to Peter Makholm <peter@makholm.net>.
(full text, mbox, link).
Source: inotify-tools
Source-Version: 3.3-2
We believe that the bug you reported is fixed in the latest version of
inotify-tools, which is due to be installed in the Debian FTP archive:
inotify-tools_3.3-2.diff.gz
to pool/main/i/inotify-tools/inotify-tools_3.3-2.diff.gz
inotify-tools_3.3-2.dsc
to pool/main/i/inotify-tools/inotify-tools_3.3-2.dsc
inotify-tools_3.3-2_i386.deb
to pool/main/i/inotify-tools/inotify-tools_3.3-2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 443913@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Peter Makholm <peter@makholm.net> (supplier of updated inotify-tools package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 25 Sep 2007 08:18:02 +0200
Source: inotify-tools
Binary: inotify-tools
Architecture: source i386
Version: 3.3-2
Distribution: stable-security
Urgency: high
Maintainer: Peter Makholm <peter@makholm.net>
Changed-By: Peter Makholm <peter@makholm.net>
Description:
inotify-tools - command-line programs providing a simple interface to inotify
Closes: 443913
Changes:
inotify-tools (3.3-2) stable-security; urgency=high
.
* Fixes buffer overflow in inotifytools_snprintf (CVE-2007-5037)
by backporting changes from new upstream vesion (3.11)
(Closes: #443913)
Files:
883ee55627b7becb5a9ca1a2e569281b 624 misc optional inotify-tools_3.3-2.dsc
204ef6e0b855ec4315f4f13e2d3d1e1a 369780 misc optional inotify-tools_3.3.orig.tar.gz
7bde9f27b0bb470a44d64b40b1e217e1 5311 misc optional inotify-tools_3.3-2.diff.gz
e462da2503c92d98510647fb0c1f44eb 78260 misc optional inotify-tools_3.3-2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHdEkXXm3vHE4uyloRAqH2AJ4y5sbLvWAH6M29kJaMuwIU5SOB1QCgoLmr
eWVuFWu5DL6s+rwXeuqf+kQ=
=j6f4
-----END PGP SIGNATURE-----
Reply sent to Peter Makholm <peter@makholm.net>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer.
(full text, mbox, link).
Source: inotify-tools
Source-Version: 3.3-2
We believe that the bug you reported is fixed in the latest version of
inotify-tools, which is due to be installed in the Debian FTP archive:
inotify-tools_3.3-2.diff.gz
to pool/main/i/inotify-tools/inotify-tools_3.3-2.diff.gz
inotify-tools_3.3-2.dsc
to pool/main/i/inotify-tools/inotify-tools_3.3-2.dsc
inotify-tools_3.3-2_i386.deb
to pool/main/i/inotify-tools/inotify-tools_3.3-2_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 443913@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Peter Makholm <peter@makholm.net> (supplier of updated inotify-tools package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 25 Sep 2007 08:18:02 +0200
Source: inotify-tools
Binary: inotify-tools
Architecture: source i386
Version: 3.3-2
Distribution: stable-security
Urgency: high
Maintainer: Peter Makholm <peter@makholm.net>
Changed-By: Peter Makholm <peter@makholm.net>
Description:
inotify-tools - command-line programs providing a simple interface to inotify
Closes: 443913
Changes:
inotify-tools (3.3-2) stable-security; urgency=high
.
* Fixes buffer overflow in inotifytools_snprintf (CVE-2007-5037)
by backporting changes from new upstream vesion (3.11)
(Closes: #443913)
Files:
883ee55627b7becb5a9ca1a2e569281b 624 misc optional inotify-tools_3.3-2.dsc
204ef6e0b855ec4315f4f13e2d3d1e1a 369780 misc optional inotify-tools_3.3.orig.tar.gz
7bde9f27b0bb470a44d64b40b1e217e1 5311 misc optional inotify-tools_3.3-2.diff.gz
e462da2503c92d98510647fb0c1f44eb 78260 misc optional inotify-tools_3.3-2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHdEkXXm3vHE4uyloRAqH2AJ4y5sbLvWAH6M29kJaMuwIU5SOB1QCgoLmr
eWVuFWu5DL6s+rwXeuqf+kQ=
=j6f4
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sun, 16 Mar 2008 07:27:12 GMT) (full text, mbox, link).
Debbugs is free software and licensed under the terms of the GNU General
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.