CVE-2007-6208 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6208): sylprint.pl in claws mail tools (claws-mail-tools) allows local users to overwrite arbitrary files via a symlink attack on the sylprint.[USER].[PID] temporary file.
Ticho and net-mail, please advise.
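The symlink problem in the CVE description comes down to opening a guessable path in a shared directory. The following is an added example, not code from sylprint.pl or Claws Mail: it contrasts a plain open on the `sylprint.[USER].[PID]` name pattern with exclusive creation and `mkstemp`, inside a throwaway sandbox directory. The function names, the user name and the PID are constructed for illustration, and a POSIX system is assumed.

```python
import os
import tempfile

def predictable_path(tmpdir, user, pid):
    # Name pattern from the CVE text: sylprint.[USER].[PID]
    return os.path.join(tmpdir, f"sylprint.{user}.{pid}")

def write_unsafe(path, data):
    # Plain open-for-write follows a symlink and truncates its target.
    with open(path, "w") as fh:
        fh.write(data)

def write_exclusive(path, data):
    # O_CREAT|O_EXCL fails if the name already exists, symlinks included.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)

def write_mkstemp(tmpdir, data):
    # Preferred: random name, created exclusively with mode 0600.
    fd, path = tempfile.mkstemp(prefix="sylprint.", dir=tmpdir)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path

def read(path):
    with open(path) as fh:
        return fh.read()

def demo():
    out = {}
    with tempfile.TemporaryDirectory() as root:
        shared = os.path.join(root, "tmp")        # stands in for a shared /tmp
        os.mkdir(shared)
        target = os.path.join(root, "important.txt")
        write_unsafe(target, "important")
        path = predictable_path(shared, "alice", 4242)   # constructed values
        os.symlink(target, path)                  # link already at the guessable name
        try:
            write_exclusive(path, "print job")
            out["exclusive_refused"] = False
        except FileExistsError:
            out["exclusive_refused"] = True
        out["after_exclusive"] = read(target)
        safe = write_mkstemp(shared, "print job")
        out["mkstemp_regular"] = os.path.isfile(safe) and not os.path.islink(safe)
        out["mkstemp_mode"] = os.stat(safe).st_mode & 0o777
        write_unsafe(path, "print job")           # the pattern the CVE describes
        out["after_unsafe"] = read(target)
    return out

if __name__ == "__main__":
    print(demo())
```

The exclusive and `mkstemp` writers leave the linked file untouched; only the plain open replaces its contents.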
Upstream decided to remove the unmaintained script from the distribution tarball, so we're doing the same for all claws-mail ebuilds currently in the tree, including 3.0.0, which is marked stable for all arches. After my commit, all three claws-mail ebuilds are safe in regards to this bug. To push this fix to users, please stabilize 3.0.2, which is a pure bugfix release over 3.0.0, and I've been meaning to ask for its stabilization anyway - no point in bumping to 3.0.0-r1 with this fix, only to ask for 3.0.2 stabilization a few days later, right?
please revbump the 3.0.2 and 3.1.0 ebuilds first so ~arch users also get a forced upgrade.
Good idea, done. 3.0.2-r1 is the target for stabilization then.
Arches, please test and mark stable mail-client/claws-mail-3.0.2-r1. Target keywords : "alpha amd64 hppa ppc ppc64 sparc x86"
Does not compile on amd64. Build log:
for file in OOo2claws-mail.pl acroread2claws-mail.pl claws-mail-compose-insert-files.pl calypso_convert.pl convert_mbox.pl eud2gc.py filter_conv.pl filter_conv_new.pl fix_date.sh freshmeat_search.pl gif2xface.pl google_msgid.pl google_search.pl kmail2claws-mail.pl kmail2claws-mail_v2.pl kmail-mailbox2claws-mail.pl mairix.sh mew2claws-mail.pl multiwebsearch.pl nautilus2claws-mail.sh outlook2claws-mail.pl popfile-link.sh sylprint.pl sylprint.rc tb2claws-mail tbird2claws.py textviewer.pl textviewer.sh thunderbird-filters-convertor.pl update-po uudec uuooffice vcard2xml.py kdeservicemenu/install.sh kdeservicemenu/claws-mail-kdeservicemenu.pl; do \
  if [ ! -e ../tools/$file ]; then \
    todir=../tools; \
    dir=$(dirname $file); \
    if [ ! $dir = . ]; then \
      todir=$todir/$dir; \
    fi; \
    cp ../tools/$file $todir; \
  fi; \
done;
cp: cannot stat `../tools/sylprint.pl': No such file or directory
cp: cannot stat `../tools/sylprint.rc': No such file or directory
chmod u+x OOo2claws-mail.pl acroread2claws-mail.pl claws-mail-compose-insert-files.pl calypso_convert.pl convert_mbox.pl eud2gc.py filter_conv.pl filter_conv_new.pl fix_date.sh freshmeat_search.pl gif2xface.pl google_msgid.pl google_search.pl kmail2claws-mail.pl kmail2claws-mail_v2.pl kmail-mailbox2claws-mail.pl mairix.sh mew2claws-mail.pl multiwebsearch.pl nautilus2claws-mail.sh outlook2claws-mail.pl popfile-link.sh sylprint.pl sylprint.rc tb2claws-mail tbird2claws.py textviewer.pl textviewer.sh thunderbird-filters-convertor.pl update-po uudec uuooffice vcard2xml.py kdeservicemenu/install.sh kdeservicemenu/claws-mail-kdeservicemenu.pl
chmod: cannot access `sylprint.pl': No such file or directory
chmod: cannot access `sylprint.rc': No such file or directory
make[2]: *** [all-local] Error 1
make[2]: Leaving directory `/var/tmp/portage/mail-client/claws-mail-3.0.2-r1/work/claws-mail-3.0.2/tools'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/var/tmp/portage/mail-client/claws-mail-3.0.2-r1/work/claws-mail-3.0.2'
make: *** [all] Error 2
 *
 * ERROR: mail-client/claws-mail-3.0.2-r1 failed.
 * Call stack:
 *   ebuild.sh, line 1701: Called dyn_compile
 *   ebuild.sh, line 1039: Called qa_call 'src_compile'
 *   ebuild.sh, line 44: Called src_compile
 *   claws-mail-3.0.2-r1.ebuild, line 90: Called die
 * The specific snippet of code:
 *   emake || die
 * The die message:
 *   (no error message)
 *
 * If you need support, post the topmost build error, and the call stack if relevant.
 * A complete build log is located at '/var/tmp/portage/mail-client/claws-mail-3.0.2-r1/temp/build.log'.
 *
 * Messages for package mail-client/claws-mail-3.0.2-r1:
 *
 * ERROR: mail-client/claws-mail-3.0.2-r1 failed.
 * Call stack:
 *   ebuild.sh, line 1701: Called dyn_compile
 *   ebuild.sh, line 1039: Called qa_call 'src_compile'
 *   ebuild.sh, line 44: Called src_compile
 *   claws-mail-3.0.2-r1.ebuild, line 90: Called die
 * The specific snippet of code:
 *   emake || die
 * The die message:
 *   (no error message)
 *
 * If you need support, post the topmost build error, and the call stack if relevant.
 * A complete build log is located at '/var/tmp/portage/mail-client/claws-mail-3.0.2-r1/temp/build.log'.
Yup. The same for me.
I also get the same compile error on the recently-bumped claws-mail-3.1.0-r1
x86 stable
(In reply to comment #9)
> x86 stable
Ok, we are back to ~x86. As I thought it has been the revision I have used for such a long time, I stabled straight away. But: 3.1.0-r1 and 3.0.2-r1 fail with the same error.
chmod: cannot access `sylprint.pl': No such file or directory
chmod: cannot access `sylprint.rc': No such file or directory
un-cc'ing arches.
*** Bug 201394 has been marked as a duplicate of this bug. ***
3.0.2-r1 and 3.1.0-r1 fixed. Sorry about the delay, real life keeps insisting on being real for me.
second round... Arches, please test and mark stable mail-client/claws-mail-3.0.2-r1. Target keywords : "alpha amd64 hppa ppc ppc64 sparc x86"
x86 stable for sure now...thanks Andrej.
(In reply to comment #14)
> second round...
>
> Arches, please test and mark stable mail-client/claws-mail-3.0.2-r1.
> Target keywords : "alpha amd64 hppa ppc ppc64 sparc x86"
>
Unofficial: builds for me now on ppc. Thanks.
alpha/sparc stable
Stable for HPPA.
Stable for amd64
Although -3.1.0-r1 is not part of this bug, it does fix the same security violation. And it had the same problem leading to this retest effort. So I'll report that -3.1.0-r1 is now good on sparc. See Comment 13 above.
ppc64 stable
ppc stable
Just removing sylprint is not a fix. The compile currently dies for claws-mail-3.1.0-r1 ~x86 with the following error:
cp: cannot stat `../tools/sylprint.pl': No such file or directory
cp: cannot stat `../tools/sylprint.rc': No such file or directory
...
chmod: cannot access `sylprint.pl': No such file or directory
chmod: cannot access `sylprint.rc': No such file or directory
make[2]: *** [all-local] Error 1
make[2]: Leaving directory `/var/tmp/portage/mail-client/claws-mail-3.1.0-r1/work/claws-mail-3.1.0/tools'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/var/tmp/portage/mail-client/claws-mail-3.1.0-r1/work/claws-mail-3.1.0'
make: *** [all] Error 2
 *
 * ERROR: mail-client/claws-mail-3.1.0-r1 failed.
(In reply to comment #23)
> Just removing sylprint is not a fix. The compile currently dies for
> claws-mail-3.1.0-r1 ~x86 with the following error:
> cp: cannot stat `../tools/sylprint.pl': No such file or directory
> cp: cannot stat `../tools/sylprint.rc': No such file or directory
Wendall, this has already been fixed - see comment #13. Sync please.
Thanks. Working great now. Thanks for the quick patch! :)
voting time. I tend to vote Yes.
Voting YES.
YES, request filed.
GLSA 200801-03
Does not affect current (2008.0) release. Removing release.