Summary: | net-p2p/amule: Information leak (CVE-2006-2691, CVE-2006-2692) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | orgoz2 |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | minor | CC: | ladanyi, net-p2p, StormByte, tcort |
Priority: | High | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | http://www.amule.org | | |
Whiteboard: | B4 [noglsa] DerCorny | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 135035 | | |
Bug Blocks: | | | |

Description
orgoz2
2006-05-29 08:59:15 UTC
http://www.amule.org/

<snip>
aMule 2.1.2 released!
Posted by: Kry, 28.05.06 at 17:24
</snip>

# date
Mon May 29 18:04:43 CEST 2006

So yeah, pardon us that we didn't manage to release this in 30 minutes. Damnit, we are such slackers!

http://allen.brooker.gb.net/misc/kitten-0day.jpg

Hi all, congrats for the very fast bump :)

I recommend you assign now this bug to the security team (product Gentoo Security / component vulns) because of an information disclosure vulnerability which could allow an attacker to read HTML, PHP or image files on the server, on versions <2.1.2. This will call a vote on a GLSA issuing or not.

Thanks in advance.

jup, shamelessly stealing the bug now. Arches, please test and stable version 2.1.2, thanks.

accepting/setting severity

hrm.. I just did a cvs up in *cvs*/net-p2p/amule/ and I don't see version 2.1.2 in there. Same for emerge --sync and then looking for this version. You might have forgotten to commit?

Sorry, seems like I was a bit too trigger happy. waiting for net-p2p to provide fixed packages

arches, please test and stable 2.1.2, thanks

stable on ppc64

ding ding amd64 stableeeeee

ding ding ppc stable

CVE-2006-2691 & CVE-2006-2692

the mule heha'd at me so I marked it stable on x86.

and lagging bugs didn't remove x86 from the bug.

no go for alpha. I get the following when attempting to run amule...

//////////////////////////////////////////////
Initialising aMule
Checking if there is an instance already running...
No other instances are running.
aMule Version: aMule 2.1.2 using wxGTK2 v2.6.2
Terminated after throwing an instance of 'std::bad_alloc'
what(): St9bad_alloc
backtrace:
[2] ?? in amule [0x12006dfc8]
[3] wxEntry(int&, char**) in /usr/lib/libwx_base-2.6.so.0[0x2000089f2c0]
[4] ?? in amule [0x120153b90]
[5] __libc_start_main in /lib/libc.so.6.1[0x20000b77a30]
[6] ?? in amule [0x120058a58]
Aborted
//////////////////////////////////////////////

I get the same results with wxGTK 2.6.2-r1 and 2.6.3.2.
I masked amule in profiles/default-linux/alpha/package.mask and dropped the ~alpha keyword from 2.1.2. If you need anything else, please re-add us.

tcort, please test amule-2.1.3 and let me know if it seems to work for alpha.

(In reply to comment #15)
> tcort, please test amule-2.1.3 and let me know if it seems to work for alpha.

amule-2.1.3 still crashes.

$ amule
Initialising aMule
Checking if there is an instance already running...
No other instances are running.
--------------------------------------------------------------------------------
A fatal error has occurred and aMule has crashed.
Please assist us in fixing this problem by posting the backtrace below in our
'aMule Crashes' forum and include as much information as possible regarding the
circumstances of this crash. The forum is located here:
http://forum.amule.org/board.php?boardid=67
If possible, please try to generate a real backtrace of this crash:
http://www.amule.org/wiki/index.php/Backtraces
----------------------------=| BACKTRACE FOLLOWS: |=----------------------------
Current version is: aMule 2.1.3 using wxGTK2 v2.6.3 (Unicoded)
Running on: Linux 2.6.16.5 alpha
[2] ?? in amule [0x120061850]
[3] wxFatalSignalHandler in /usr/lib/libwx_baseu-2.6.so.0[0x200008c6528]
[4] ?? in /lib/libpthread.so.0 [0x20000056300]
[5] __pthread_mutex_lock in /lib/libpthread.so.0[0x2000004f2e4]
[6] wxMutexInternal::Lock() in /usr/lib/libwx_baseu-2.6.so.0[0x200008b7a58]
--------------------------------------------------------------------------------
Aborted

net-p2p please advise.

This seems to be isolated on alpha; I cannot reproduce it. Is there any way we can drop alpha support until an amule dev can take a look at this? Your advice in this situation is better than any I could give.

Hey

tcort can you enable debug on the ebuild and run aMule in gdb to produce a real backtrace?

also a good idea might be to move your old .aMule dir out of the way and start for this test with a clean one.

stefanero

(In reply to comment #18)
> This seems to be isolated on alpha; I cannot reproduce it. Is there any way we
> can drop alpha support until an amule dev can take a look at this? Your advice
> in this situation is better than any I could give.

Alpha support has already been dropped, see comment #14, "I masked amule in profiles/default-linux/alpha/package.mask and dropped the ~alpha keyword from 2.1.2."

(In reply to comment #19)
> tcort can you enable debug on the ebuild and run aMule in gdb to produce a
> real backtrace?

stefanero, sure. I'll do that and post the results to the "aMule crashes" forums mentioned in the error message.

Did this ever get fixed for alpha?

(In reply to comment #21)
> Did this ever get fixed for alpha?

No, see comment #14 and comment #16. I filed an upstream crash report[1]. I guess I forgot to set e-mail notification on the aMule forums because I just noticed the reply. I'll post more debugging information to the crash report when I have some time to spare (I've been busy testing and stabilizing stuff for 2006.1). I'm hoping it will get fixed. In the meantime, amule is masked on alpha (as I stated in Comment #14) because the amule versions in portage either crash at startup or are vulnerable.

[1] http://forum.amule.org/thread.php?threadid=10352

I think this is ready for GLSA vote, I tend to vote no.

0.5 for no glsa

I can't really decide (with the info being quite vague, too). On one hand it's cheesy, and of course amuleweb is nothing to be trusted in the first place (read: don't make it world-accessible). But then again, I would not want my phpBB config.php or DokuWiki user.auth.php shared with the world... .5 for "yes" :]

Voting a NO and closing. Feel free to reopen if you disagree.