72521 2004-11-25 20:31 0000 sys-apps/file-4.12 heads up 2004-12-14 00:40:27 0000 1 Unclassified Gentoo Security Vulnerabilities unspecified All All RESOLVED FIXED A2 [glsa] jaervosz P2 major --- 73786 1 jaervosz@gentoo.org security@gentoo.org jaervosz@gentoo.org 2004-11-25 20:31:46 0000 Stack smashing bug in file/src/readelf.c:donote() mentioned in file's changelog does not look so harmless. --- file-4.10/ChangeLog jaervosz@gentoo.org 2004-11-25 20:31:46 0000 Stack smashing bug in file/src/readelf.c:donote() mentioned in file's changelog does not look so harmless. --- file-4.10/ChangeLog 2004-07-25 00:38:54 +0400 +++ file-4.12/ChangeLog 2004-11-24 20:39:06 +0300 @@ -1,3 +1,30 @@ +2004-11-24 12:39  Christos Zoulas  <christos@zoulas.com> + +       * Stack smash fix, and ELF more conservative reading. +         Jakub Bogusz <qboosh@pld-linux.org> + +2004-11-20 18:50  Christos Zoulas  <christos@zoulas.com> + +       * New FreeBSD version parsing code: +         Jon Noack <noackjr@alumni.rice.edu> + +       * Hackish support for ucs16 strings <christos@zoulas.com> + +2004-11-13 03:07  Christos Zoulas  <christos@zoulas.com> + +       * print the file name and line number in syntax errors. + +2004 10-12 10:50  Christos Zoulas  <christos@zoulas.com> + +       * Fix stack overwriting on 0 length strings: Tim Waugh +           <twaugh@redhat.com> Ned Ludd <solar@gentoo.org> + +2004-09-27 11:30  Christos Zoulas  <christos@zoulas.com> + +       * Remove 3rd and 4th copyright clause; approved by Ian Darwin. + +       * Fix small memory leaks; caught by: Tamas Sarlos +           <stamas@csillag.ilab.sztaki.hu>    2004-07-24 16:33  Christos Zoulas  <christos@zoulas.com>   solar@gentoo.org 2004-11-26 18:45:58 0000 I've already put a new one of these in the tree as ~arch-all koon@gentoo.org 2004-11-29 08:11:52 0000 Waiting for a public disclosure date. vorlon@gentoo.org 2004-12-07 04:23:21 0000 looks public http://securitytracker.com/alerts/2004/Dec/1012433.html 'File' Stack Overflow in Processing ELF Headers May Permit Arbitrary Code Execution SecurityTracker Alert ID: 1012433 SecurityTracker URL: http://securitytracker.com/id?1012433 CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site) Date: Dec 6 2004 Impact: Execution of arbitrary code via local system, Execution of arbitrary code via network Version(s): prior to 4.12 Description: A vulnerability was reported in 'file'. A user may be able to execute arbitrary code on the target system. Trustix reported a vulnerability in the ELF header parsing code in 'file'. A user may be able to create a specially crafted ELF file that, when processed using 'file', may be able to modify the stack and potentially execute arbitrary code. Impact: A user may be able to execute arbitrary code on the target system. Solution: No solution was available at the time of this entry. Cause: Not specified Underlying OS: Linux (Any), UNIX (Any) jaervosz@gentoo.org 2004-12-07 04:56:49 0000 Arches please mark 4.12 stable. Target KEYWORDS="alpha amd64 arm hppa ia64 mips ppc ppc64 s390 sh sparc x86" Note to sh: no arch alias exists so someone (vapier?) please mark it sh. gustavoz@gentoo.org 2004-12-07 06:16:34 0000 sparc stable. kingtaco@gentoo.org 2004-12-07 06:33:58 0000 stable on amd64 solar@gentoo.org 2004-12-07 08:32:27 0000 stable on x86 dragonheart@gentoo.org 2004-12-07 13:13:48 0000 ppc stable. kumba@gentoo.org 2004-12-08 01:36:56 0000 mips can't stable this revision unless we can get the file-4.xx-mips-gentoo.diff patch to apply, otherwise, file gives bad output on mips systems that mess up configure scripts. The interesting thing is, the patch applies fine outside of portage, but applying within the ebuild, the dry-run sweep creates .orig files that cause epatch to fail on the second pass. We got a workaround for this? kloeri@gentoo.org 2004-12-08 02:29:13 0000 Alpha stable. kumba@gentoo.org 2004-12-08 03:01:28 0000 Okay, disregard Comment #9; seems the patch we use it responsible for the .orig file breaking things. Will fix && stabilize in the morning. hardave@gentoo.org 2004-12-08 13:14:03 0000 Stable on mips. gmsoft@gentoo.org 2004-12-10 04:50:11 0000 Stable on hppa. koon@gentoo.org 2004-12-10 08:31:51 0000 ppc64 please mark stable so that the GLSA can go out. corsair@gentoo.org 2004-12-10 23:35:29 0000 stable on ppc64 vapier@gentoo.org 2004-12-12 17:45:15 0000 stable for everyone else now too vorlon@gentoo.org 2004-12-13 14:47:19 0000 GLSA 200412-07 thanks everyone eradicator@gentoo.org 2004-12-13 20:28:50 0000 lta Magdir/xenix Magdir/xo65 Magdir/xwindows Magdir/zilog Magdir/zyxel; do \ if test -f ./$frag; then \ f=./$frag; \ else \ f=$frag; \ fi; \ cat $f; \ done >> magic /usr/bin/file -C -m magic WARNING: type lestring16 >0 Description: %15.15s invalid file: could not find any magic files! make[2]: *** [magic.mgc] Error 255 make[2]: Leaving directory `/usr/tmp/portage/file-4.12/work/file-4.12/magic' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/usr/tmp/portage/file-4.12/work/file-4.12' make: *** [all] Error 2 !!! ERROR: sys-apps/file-4.12 failed. !!! Function src_compile, Line 51, Exitcode 2 !!! emake failed !!! If you need support, post the topmost build error, NOT this status message. Portage 2.0.51-r3 (hardened/x86, gcc-3.3.2, glibc-2.3.2-r12, 2.4.27-grsec-2.0.1 i686) ================================================================= System uname: 2.4.27-grsec-2.0.1 i686 Pentium III (Coppermine) Gentoo Base System version 1.4.3.13 Autoconf: sys-devel/autoconf-2.59-r4 Automake: sys-devel/automake-1.8.3 Binutils: sys-devel/binutils-2.14.90.0.8-r1 Headers: sys-kernel/linux-headers-2.4.19-r1,sys-kernel/linux-headers-2.4.21-r1 Libtools: sys-devel/libtool-1.5.2-r7 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CFLAGS="-march=pentium3 -mcpu=pentium3 -O2 -pipe" CHOST="i686-pc-linux-gnu" COMPILER="" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-march=pentium3 -mcpu=pentium3 -O2 -pipe" DISTDIR="/usr/local/download/portage/distfiles" FEATURES="autoaddcvs ccache distlocks sandbox strict userpriv usersandbox" GENTOO_MIRRORS="http://gentoo.osuosl.org http://distro.ibiblio.org/pub/Linux/distributions/gentoo" MAKEOPTS="-j2" PKGDIR="/usr/portage//packages/x86/" PORTAGE_TMPDIR="/usr/tmp" PORTDIR="/usr/portage/" PORTDIR_OVERLAY="/usr/local/download/portage" SYNC="rsync://rsync14.us.gentoo.org/gentoo-portage" USE="X509 aalib acl apache2 bcmath berkdb bzlib calendar chroot clamav cpdflib crypt cscope ctype curl curlwrappers dba dbase dbm dbx dio dlloader doc emacs emacs-w3 exif ext-png ext-zlib fam filepro flash flatfile freetds ftp gd gdbm gif gpm guile hardened iconv idea imagemagick imap informix innodb ipalias java javamail javascript jdepend jikes jpeg justify kerberos krb4 lcms libedit libwww maildir mcal mdb mhash migemo mime mmx mnogosearch motif msession mysql mysqli nagios-dns nagios-ntp nagios-ping nagios-ssh ncurses nis nls oav oci8 odbc pam parse-clocks pcntl pdflib perl pg-hier pg-intdatetime pg-vacuumdelay php pic pie plotutils png pnp posix postgres prelude propolice python readline recode ruby samba sasl session sharedmem simplexml skey slang snmp soap sockets spell spl sqlite sse ssl svg sysvipc tcpd tetex tidy tiff tokenizer truetype usb virus-scan wddx wmf x86 xchatnogtk xchattext xface xml xml2 xmlrpc xpm xsl yaz zeo zlib" sys-apps/file-4.06 is the currently installed version... I'll test out others... vapier@gentoo.org 2004-12-13 20:53:18 0000 learn to use bugzilla :P (error filed as Bug 73786) eradicator@gentoo.org 2004-12-13 22:35:42 0000 vapier: That bug is preventing this security bug from being resolved (regardless of whether or not you mark it 'RESOLVED' because a secure package is not available to our users who can't emerge it. That bug should have been resolved before this was marked stable. jaervosz@gentoo.org 2004-12-13 23:44:30 0000 eradicator: I agree this should have been fixed before if we were alerted to the fact that there was a bug. eradicator@gentoo.org 2004-12-14 00:20:58 0000 bug #73786: 2004-12-08 04:17 PST GLSA: 2004-12-13 14:47 PST The bug was filed 5 days before the GLSA was announced. base-system should have mentioned this problem here and dealt with it so the GLSA could be released... jaervosz@gentoo.org 2004-12-14 00:40:27 0000 eradicator: you're right however base-system is not on this bug and security were only just alerted: Tue Dec 14 07:35:43 2004 jaervosz@gentoo.org 2004-12-14 00:40:27 0000 eradicator: you're right however base-system is not on this bug and security were only just alerted: Tue Dec 14 07:35:43 2004  http://bugs.gentoo.org/show_bug.cgi?id=72521 eradicator@gentoo.org changed:            What    |Removed                     |Added ----------------------------------------------------------------------------   BugsThisDependsOn|                            |73786