
UNIRAS Brief - 563/04 - Debian Security Advisory DSA 563-2 - New cyrus-sasl packages really fix arbitrary code execution



 

----------------------------------------------------------------------------------
   UNIRAS (UK Govt CERT) Briefing Notice - 563/04 dated 13.10.04  Time: 13:59
  UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
----------------------------------------------------------------------------------
  UNIRAS material is also available from its website at www.uniras.gov.uk and
         Information about NISCC is available from www.niscc.gov.uk
----------------------------------------------------------------------------------

Title
=====

Debian Security Advisory DSA 563-2 - New cyrus-sasl packages really fix arbitrary 
code execution

Detail
====== 

A vulnerability has been discovered in the Cyrus implementation of
the SASL library, the Simple Authentication and Security Layer, a
method for adding authentication support to connection-based
protocols.  The library honors the environment variable SASL_PATH
blindly, which allows a local user to link against a malicious
library to run arbitrary code with the privileges of a setuid or
setgid application.


===========================================================================
            ESB-2004.0640 -- Debian Security Advisory DSA 563-2
        New cyrus-sasl packages really fix arbitrary code execution
                              13 October 2004
===========================================================================

Product:                cyrus-sasl
Publisher:              Debian
Operating System:       Debian GNU/Linux 3.0
                        Linux variants
                        UNIX variants
Impact:                 Execute Arbitrary Code/Commands
                        Increased Privileges
Access:                 Existing Account
CVE Names:              CAN-2004-0884

Ref:                    ESB-2004.0630


--------------------------------------------------------------------------
Debian Security Advisory DSA 563-2                     security@xxxxxxxxxx
http://www.debian.org/security/                             Martin Schulze
October 12th, 2004                      http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : cyrus-sasl
Vulnerability  : unsanitised input
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2004-0884
Debian Bug     : 275498

This advisory corrects DSA 563-1, which shipped a library that unintentionally
caused other programs to fail.

For the stable distribution (woody) this problem has been fixed in version 1.5.27-3woody3.

For reference the advisory text follows:

  A vulnerability has been discovered in the Cyrus implementation of
  the SASL library, the Simple Authentication and Security Layer, a
  method for adding authentication support to connection-based
  protocols.  The library honors the environment variable SASL_PATH
  blindly, which allows a local user to link against a malicious
  library to run arbitrary code with the privileges of a setuid or
  setgid application.

  For the unstable distribution (sid) this problem has been fixed in
  version 1.5.28-6.2 of cyrus-sasl and in version 2.1.19-1.3 of
  cyrus-sasl2.

We recommend that you upgrade your libsasl packages.
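The root cause above is a library that trusts a search-path environment variable even when the calling program runs setuid or setgid. The following added example (not Debian's or Cyrus SASL's own code, and not the actual DSA patch) shows the check a plugin-loading library should apply before honouring such a variable: ignore it when real and effective ids differ, and fall back to a compiled-in directory when any entry is relative. The default directory `/usr/lib/sasl` and all function names are assumptions for illustration.

```c
/* Added example: decide whether a library may honour a user-controlled
 * plugin search path such as SASL_PATH. The policy mirrors what the
 * dynamic loader does for LD_LIBRARY_PATH: if the process has gained
 * privilege it did not start with (setuid/setgid), the environment is
 * untrusted and a compiled-in default is used instead. */
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

#define DEFAULT_PLUGIN_DIR "/usr/lib/sasl"   /* hypothetical compiled-in default */

/* Return 1 if the process runs with ids that differ from the caller's real ids. */
int ids_elevated(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Return 1 if every colon-separated entry in 'path' is absolute and non-empty,
 * so the lookup never depends on the current working directory. */
int path_entries_absolute(const char *path)
{
    if (path == NULL || *path == '\0')
        return 0;
    const char *p = path;
    for (;;) {
        if (*p != '/')                 /* empty or relative entry: reject */
            return 0;
        const char *colon = strchr(p, ':');
        if (colon == NULL)
            return 1;
        p = colon + 1;
    }
}

/* Pure policy function: given the environment value and the process ids,
 * return the search path the library should actually use. */
const char *choose_plugin_path(const char *env_value,
                               uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    if (ids_elevated(ruid, euid, rgid, egid))
        return DEFAULT_PLUGIN_DIR;     /* setuid/setgid: never trust SASL_PATH */
    if (!path_entries_absolute(env_value))
        return DEFAULT_PLUGIN_DIR;     /* unset, empty or relative: fall back */
    return env_value;
}

/* Convenience wrapper reading the live process state. */
const char *plugin_path_from_environment(void)
{
    return choose_plugin_path(getenv("SASL_PATH"),
                              getuid(), geteuid(), getgid(), getegid());
}
```

On glibc 2.17 and later, secure_getenv(3) encapsulates the same "ignore the environment when privileged" decision for a single variable.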


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
--------------------------------


  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>


----------------------------------------------------------------------------------

For additional information or assistance, please contact the HELP Desk by
telephone; Not Protectively Marked information may also be sent by
e-mail to: uniras@xxxxxxxxxxxx

Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749

Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts

----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Debian for the information
contained in this Briefing.
----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some 
of the information may have changed since it was released. If the vulnerability 
affects you, it may be prudent to retrieve the advisory from the canonical site 
to ensure that you receive the most current information concerning that problem.

Reference to any specific commercial product, process, or service by trade
name, trademark, manufacturer, or otherwise, does not constitute or imply
its endorsement, recommendation, or favouring by UNIRAS or NISCC.  The views
and opinions of authors expressed within this notice shall not be used for
advertising or product endorsement purposes.

Neither UNIRAS nor NISCC accepts responsibility for any errors or omissions
contained within this briefing notice. In particular, they shall not be
liable for any loss or damage whatsoever, arising from or in connection
with the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST) 
and has contacts with other international Incident Response Teams (IRTs) in 
order to foster cooperation and coordination in incident prevention, to prompt 
rapid reaction to incidents, and to promote information sharing amongst its 
members and the community at large. 
----------------------------------------------------------------------------------
<End of UNIRAS Briefing>
