OpenPKG lists the following packages affected by the shtool vulnerability. We should check if we have equivalents of those packages in portage and see if they indeed can trigger the shtool things:

<= al-0.9.1-20040207
<= as-gui-0.7.7-20040920
<= cfg-0.9.9-20050218
<= ettercap-0.7.3-20050529
<= ex-1.0.4-20050610
<= flow2rrd-0.9.1-20041230
<= fsl-1.6.0-20050308
<= getopt-20030307-20040207
<= iselect-1.3.0-20041008
<= jitterbug-1.6.2.3-20040203
<= l2-0.9.10-20050308
<= libnetdude-0.7-20050506
<= libpcapnav-0.6-20050506
<= libradius-20040920-20040920
<= lmtp2nntp-1.3.0-20041207
<= lzo-2.00-20050530
<= lzop-1.01-20050530
<= mm-1.3.1-20041018
<= netdude-0.4.6-20050506
<= newt-0.51.6.7-20050323
<= nmap-3.81-20050207
<= petidomo-4.0b6-20050215
<= pth-2.0.4-20050218
<= sa-1.2.4-20050308
<= shiela-1.1.5-20050112
<= sio-0.9.2-20050610
<= snmpdx-0.2.10-20041018
<= str-0.9.10-20050124
<= svs-1.0.2-20050206
<= uuid-1.2.0-20050407
<= val-0.9.3-20050610
<= var-1.1.2-20041031
<= wml-2.0.9-20050613
<= xds-0.9.2-20050603
OK, here are some results from a first quick check. Note that this is only the very first pass and more research has to be done.

ettercap-0.7.3 line 381
libpcapnav-0.6 line 312
lzo-1.08 line 560
lzop-1.01 line 560
mm-1.2.1 line 560
nmap shtool exists, no vuln code?
php-4.3.11 line 385 (php5 masked, not checked yet)
pth-1.4.0 line 368
wml-2.0.9 line 359
PHP was checked by taviso as non-vulnerable.
Went through all of them again - it seems the shtool script files include the affected code, but aren't vulnerable because these functions are never called. (It's a bit of a mystery for me why OpenPKG is affected and we aren't? This could be my fault, so I recommend that somebody with more skills has a short look.)

Regards and sorry for my lack of skills - I'm going to read some stuff about this soon,
Stefan
(In reply to comment #3)
> (It's a bit of a mystery for me why OpenPKG is affected and we aren't?

I guess they didn't bother to double-check.
Until proven otherwise, those packages are not vulnerable.