| Summary: | dev-db/firebird local exploit | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Daniel Ahlberg (RETIRED) <aliz> |
| Component: | GLSA Errors | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | critical | CC: | mksoft |
| Priority: | Highest | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 42518 | | |
| Bug Blocks: | | | |

Description
Daniel Ahlberg (RETIRED)
2003-05-12 05:48:48 UTC
mksoft, does firebird-1.0.3 fix this?

According to this: http://sourceforge.net/tracker/?group_id=9028&atid=109028&func=detail&aid=739480 it says it was fixed in ver 1.18 of jrd.c, but further investigation with webcvs: http://cvs.sourceforge.net/viewcvs.py/firebird/interbase/jrd/gds.c shows it was rolled back in ver 1.19 of gds.c because the fix was bogus. Looks like it wasn't fixed. Maybe it's fixed in firebird ver 1.5 (there's some hint in the tracker link above), but it is not released yet.

mksoft, is this resolved yet? Can we close this bug?

No resolution yet. I've searched FreeBSD advisories and Debian's patches to no avail. BugTraq reports that no known vendor solution is available: http://securityfocus.com/bid/7546/solution/ Ideas?

Meir Kriheli - would you remove the affected version of Firebird (1.0-r1) so we can close this bug? Thanks.

IIRC the affected versions are up to 1.0.3 (including it). Since 1.0.3 is the current stable one, we can't remove it yet. 1.5.0 is currently masked for testing. I think we should remove older ebuilds only when 1.5.0 is stable.

This link states that 1.0 and 1.0.2 are affected. http://securityfocus.com/bid/7546/info/

Look at the links I've provided in this discussion. 1.0.3 was not out yet when this was discovered. I've posted links to cvs changelogs which say that the supposed fix was really helping and it was rolled back.

What needs to happen for 1.5 to go stable?

A few spare hours which I can work on it, and users testing it. I need to move it from inetd based to daemon (by default).

Committed the new ebuild (still masked). There's a bug open about the new version (#42518), so hopefully testers will respond there.

mksoft: Looks like we had progress on #42518: please mark the ebuild as x86 stable as soon as you estimate it meets the standards, so that we can issue the GLSA for this one. -K

I'll move it to ~x86 and see how it goes from there.

OK, enough is enough. This is a fairly serious exploit that allows data destruction and trojaned binaries. We either need to get it resolved within 24h or security mask all affected versions. This bug has just passed its 1 year anniversary... timestamp: Thu May 13 16:31:06 UTC 2004

I thought there was a new policy forcing at least a month from unstable to stable ones. Anyway, I'll mark it as stable in a few hours and close the bug that blocks this one. BTW: Most of the delay (1 year) is the time it took the firebird team to release 1.5.

Firebird 1.5 is stable -- ready for a GLSA

GLSA 200405-18