The aimsniff ebuild, version 0.9, contains a security vulnerability. Currently, it downloads and installs version 0.9b of aimsniff. This hole, documented by the aimsniff author in a post to the aimsniff forums at: http://www.aimsniff.com/forum/viewtopic.php?t=509 Can be fixed by updating the ebuild to download and install version 0.9d of aimsniff. Reproducible: Always Steps to Reproduce: 1. 2. 3.
Undisclosed security problem... ebuild should be updated to use 0.9d.
working on it ...
I think this software should be remove from portage all together. Whats next 'emerge rootkit'
modified the current ebuild and left it on the internet here: http://www.prism.gatech.edu/~gte481z/aimsniff.html can not test it now as I am at work. Will submit an ebuild file and test results when I get back from work tonight. Anyone who wishes to test the ebuild at that link is welcome.
Why remove it from portage? Aimsniff has legitmate uses such as monitoring employees on company computers to make sure they are not abusing their companies internet use policy or finiancial institutions who are required to log all communication transactions. It's just a passive network packet sniffer. Really just a pretty version of tcpdump or ethereal, and not nearly as dangerous as ettercap (also in portage), speaking of "emerge rootkit".
fair enough.
Ebuild sorta seems to work. I don't have mysql or apache installed on my box at home to really to test it though. Someone else will need to take it up from here. I'm leaving the ebuild modifications I made up on the net at the address above.
sorry i haven't gotten around to this yet. We lost power all last night and this morning due to storms. I will see if I can get to it today.
New Ebuild to plug this whole submitted to bugzilla as bug #53905
*** Bug 53905 has been marked as a duplicate of this bug. ***
i'm not going to be able to get to this because my releng responsibilities are taking up my time. bug-wranglers?
Vulnerability description available at : http://www.osvdb.org/displayvuln.php?osvdb_id=6381 We need to find someone to bump or validate the provided ebuild.
posted a request[1] on gentoo-dev for a dev to take over maintainership of this package. Nobody responded. Masking for now. [1] http://article.gmane.org/gmane.linux.gentoo.devel/19008/
Even though I'd never use such a package, I hate seeing packages masked due to lack of maintainership. I'll take care of the bump, looks like the ebuild could use some love.
port001 : you're welcome :) Package has been masked in the meantime, updating status whiteboard.
Bumped ebuild in CVS. Converted the ebuild to use webapp also.
PPC : please test and mark the 0.9-r1 ebuild "~ppc" so that we can unmask it.
It has been marked. Since 0.9 was ~ppc you could have keyworded it yourselves, unless there was a specific reason to remove the keyword.
dholm: would've done it if I had commit access :) klieber: I think you can unmask the package. This is ready for a GLSA vote.
unmasking from package.mask. closing without GLSA since this is a ~masked ebuild.