[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debian-users:33867] Bug#JP/1565: marked as done (mnews: local and remote overflow vulnerabilities)



Taku YASUI <tach@debian.or.jp>さんの Wed, 31 Jul 2002 18:56:38 +0900 (JST)付けの
message-id <20020731095638.4C444B0410@hp.debian.or.jp>
subject Bug#1565: fixed in mnews 1.22PL6-1 
のメッセージにより以下のバグ報告は「処理済」とされました。

もし、間違ったバグ報告を「処理済」にしてしまった場合は
必要に応じてバグ報告を再発行し、そして/または、ただちに問題を修正してください。

(注: これは Debian JP Bug Tracking System が発行している
自動応答メッセージで、debian-users メイリングリストにも送られています。
あなたがシステム管理者で、このメッセージが何について書かれている
かよくわからないのでしたら、どこかに深刻なメールシステムの誤設定がある
ことを示しています。すぐに私まで連絡をいただけないでしょうか)
(NB: If you are a system administrator and have no idea what I'm
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

-- 
Debian JP Bug Tracking System / owner@bugs.debian.or.jp


From ftpadm@hp.debian.or.jp  Wed Jul 31 18:56:48 2002
To: 1565-close@bugs.debian.or.jp
X-Katie: $Revision: 1.36 $
Subject: Bug#1565: fixed in mnews 1.22PL6-1
Message-Id: <20020731095638.4C444B0410@hp.debian.or.jp>
Date: Wed, 31 Jul 2002 18:56:38 +0900 (JST)
X-Spam-Status: No, hits=-2.0 required=10.0
	tests=DOUBLE_CAPSWORD,PGP_SIGNATURE
	version=2.31
X-Spam-Level: 

We believe that the bug you reported is fixed in the latest version of
mnews, which has been installed in the Debian-JP FTP archive:

mnews_1.22PL6.orig.tar.gz
  to pool/non-free/m/mnews/mnews_1.22PL6.orig.tar.gz
mnews_1.22PL6-1.dsc
  to pool/non-free/m/mnews/mnews_1.22PL6-1.dsc
mnews_1.22PL6-1.diff.gz
  to pool/non-free/m/mnews/mnews_1.22PL6-1.diff.gz
mnews_1.22PL6-1_i386.deb
  to pool/non-free/m/mnews/mnews_1.22PL6-1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1565@bugs.debian.or.jp,
and the maintainer will reopen the bug report if appropriate.

Debian-JP distribution maintenance software
pp.
Taku YASUI <tach@debian.or.jp> (supplier of updated mnews package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpadm@debian.or.jp)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 29 Jul 2002 17:12:55 +0900
Source: mnews
Binary: mnews
Architecture: source i386
Version: 1.22PL6-1
Distribution: unstable
Urgency: high
Maintainer: Taku YASUI <tach@debian.or.jp>
Changed-By: Taku YASUI <tach@debian.or.jp>
Description: 
 mnews      - mini news-reader and also mail-reader
Closes: 1458 1522 1565
Changes: 
 mnews (1.22PL6-1) unstable; urgency=high
 .
   * New Upstream Release.
     (closes: #1458, #1522, #1565)
Files: 
 fd0704b09906f92b78f992d91a6cc6d3 575 non-free/news optional mnews_1.22PL6-1.dsc
 e6edcd1ad17e6ad2bfefdb5d0d6cfbd8 503627 non-free/news optional mnews_1.22PL6.orig.tar.gz
 29cde5316ae351701cfe72d9f1808fbf 14821 non-free/news optional mnews_1.22PL6-1.diff.gz
 d33a4ccb9ff95add5611324b5ee68eee 282122 non-free/news optional mnews_1.22PL6-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE9RQz2FwU5DuZsm7ARAq3GAKCdXRPM/BY87RQcC4B7/bKZSMauawCdHUmC
0TJWMyKsd/EYfFODdLKraGc=
=kDZm
-----END PGP SIGNATURE-----



From tats@xxxxxxxxxx  Wed Jun  5 19:39:04 2002
Date: Wed, 05 Jun 2002 19:36:14 +0900 (JST)
Message-Id: <20020605.193614.38395157.05@xxxxxxxxxxxxxxx>
To: submit@bugs.debian.or.jp
Subject: mnews: local and remote overflow vulnerabilities
From: Tatsuya Kinoshita <tats@xxxxxxxxxx>
X-Mailer: Mew version 3.0.55 on Emacs 20.7 / Mule 4.0 (HANANOEN)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Package: mnews
Version: 1.22PL4-2
Severity: critical

I saw the patch that fixes a security problem of FreeBSD's mnews:

  [ports-jp 12931] security fix: mnews
  http://home.jp.FreeBSD.org/cgi-bin/showmail/ports-jp/12931

Maybe woody-jp's mnews has the same problem.

In message [ports-jp 12931], on Tue, 4 Jun 2002,
Yoshihiko SARUMARU wrote:

| > I found security adovisory for mnews on bugtraq ML today.
| > I made a patch for this security problem and sent to author,
| > takuma-san about 10 hours before (but I have no answer from him
| > yet).

| > security adovisory:
| > http://archives.neohapsis.com/archives/bugtraq/2002-05/0287.html
| > 
| > exploit code:
| > http://archives.neohapsis.com/archives/bugtraq/2002-05/0296.html
| > 
| > --- tcplib/tcplib.c.orig	Fri Dec 17 02:27:36 1999
| > +++ tcplib/tcplib.c	Mon Jun  3 17:31:01 2002
| > @@ -498,7 +498,7 @@
| >    }
| >    buf[cnt] = '\0';
| >    fp->ptr = ptr;
| > -  fp->len = len;
| > +  fp->len = cnt;
| >    return(cnt);
| >  }
| >  #endif	/* !MSDOS */

In message http://archives.neohapsis.com/archives/bugtraq/2002-05/0287.html
on Fri, 31 May 2002, zillion wrote:

| Strategic Reconnaissance Team Security Advisory (SRT2002-04-31-1159)
| 
| Topic : Mnews local and remote overflow vulnerabilities
| Date : May 31, 2002
| Credit : zillion[at]safemode.org
| Site : http://www.snosoft.com

| .: Description:
| ---------------
| 
|  Mnews is a small console based email and news client which is often
|  installed setgid mail. Several local and remote overflows have been
|  identified in this package.
| 
|  Local overflows where found in the -f, -n, -D, -M, -P parameters and
|  in the JNAMES, MAILSERVER environment variables. The remote overflow
|  resides in the code responsible for processing responses received from
|  the NNTP server. For example the following response will result in an
|  overflow:
| 
|  200 <a x 770>
| 
|  If you look at the source code of mnews you will see that this package
|  is very outdated and dangerous to use on todays Internet.
| 
| .: Impact:
| ----------
| 
|  Local users might be able to elevate their privileges on the affected
|  systems. Remote malicious server owners can use mnews to penetrate an
|  affected system.
| 
|  We strongly recommend to stop using mnews.
| 
| .: Systems Affected:
| --------------------
| 
|  Systems running the mnews package version 1.22 are affected. It is
|  very likely that older versions are also affected.

-- 
Tatsuya Kinoshita