Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 153896 - net-mail/qmailadmin: Buffer overflow (CVE-2006-1141)
Summary: net-mail/qmailadmin: Buffer overflow (CVE-2006-1141)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All All
: High critical (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B1 [glsa] Falco
Keywords:
Depends on:
Blocks:
 
Reported: 2006-11-02 20:20 UTC by regis couraud
Modified: 2007-02-11 11:14 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
New version qmailafin 1.2.10 (qmailadmin-1.2.10.ebuild,2.43 KB, application/octet-stream)
2006-11-02 20:25 UTC, regis couraud
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description regis couraud 2006-11-02 20:20:40 UTC
CVE reference:	CVE-2006-1141 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2006-1141

Solution : Install qmailadmin 1.2.10
Comment 1 regis couraud 2006-11-02 20:25:23 UTC
Created attachment 101122 [details]
New version qmailafin 1.2.10
Comment 2 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-11-03 12:03:47 UTC
This bug is already public. Please don't restrict public vulnerabilities. The herd can't see the bug.

robbat2, please bump out the fixed version (1.2.10) or patch, thanks. I couldn't find a similar bug, we've probably missed it.
Comment 3 Matthias Geerdsen (RETIRED) gentoo-dev 2006-11-10 05:57:48 UTC
robbat2/qmail herd, any news?
Comment 4 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2006-11-11 03:03:38 UTC
1.2.10 in CVS now. Took some work to find that it now needed RESTRICT=userpriv to compile successfully.
Comment 5 Sune Kloppenborg Jeppesen gentoo-dev 2006-11-11 04:27:46 UTC
Arhces please test and mark stable. Target keywords are:

amd64 arm hppa ppc sparc x86
Comment 6 Markus Meier gentoo-dev 2006-11-11 16:06:37 UTC
net-mail/qmailadmin-1.2.10  USE="-maildrop"
1. emerges on x86, please note:
QA Notice: the following files are setXid, dyn linked, and using lazy bindings
LAZY var/www/localhost/cgi-bin/qmailadmin

2. passes collision test
3. seems to work as the cgi-bin/qmailadmin shows up. (don't have a qmail setup to test further)

Portage 2.1.1-r1 (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.4-r4, 2.6.18.1 i686)
=================================================================
System uname: 2.6.18.1 i686 Genuine Intel(R) CPU           T2300  @ 1.66GHz
Gentoo Base System version 1.12.6
Last Sync: Sat, 11 Nov 2006 22:30:01 +0000
ccache version 2.3 [disabled]
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: 1.3.7, 2.0.30
dev-lang/python:     2.3.5-r3, 2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     2.3
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.60
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r4
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r1
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=prescott -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c"
CXXFLAGS="-O2 -march=prescott -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
EMERGE_DEFAULT_OPTS="--nospinner"
FEATURES="autoconfig collision-protect distlocks metadata-transfer parallel-fetch sandbox sfperms strict test userfetch userpriv usersandbox"
GENTOO_MIRRORS="http://mirror.switch.ch/mirror/gentoo/ http://gentoo.inode.at/"
LINGUAS="en de en_GB de_CH"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="x86 X a52 aac acpi alsa apache2 asf berkdb bitmap-fonts cairo cdr cdrom cli cracklib crypt cups dbus divx dlloader dri dts dvd dvdr dvdread eds elibc_glibc emboss encode fam ffmpeg firefox flac fortran gdbm gif gnome gpm gstreamer gtk hal iconv input_devices_keyboard input_devices_mouse ipv6 isdnlog java jpeg kde kdeenablefinal kernel_linux ldap libg++ linguas_de linguas_de_CH linguas_en linguas_en_GB mad mikmod mmx mono mp3 mpeg ncurses nls nptl nptlonly ogg opengl oss pam pcre perl png ppds pppd python qt3 qt4 quicktime readline reflection rtsp samba sdl session smp spell spl sse sse2 sse3 ssl svg tcpd test tetex theora threads truetype truetype-fonts type1-fonts udev unicode userland_GNU vcd video_cards_fbdev video_cards_i810 video_cards_vesa vorbis win32codecs wxwindows x264 xine xml xorg xprint xv xvid zlib"
Unset:  CTARGET, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
Comment 7 Tobias Scherbaum (RETIRED) gentoo-dev 2006-11-13 09:45:04 UTC
ppc stable
Comment 8 René Nussbaumer (RETIRED) gentoo-dev 2006-11-13 12:10:44 UTC
stable on hppa
Comment 9 Michael Weyershäuser 2006-11-13 20:07:26 UTC
Emerges fine on amd64 and seems to be working...

Portage 2.1.1-r1 (default-linux/amd64/2006.1/desktop, gcc-4.1.1, glibc-2.4-r4, 2.6.18-suspend2-Dudebox-Edition x86_64)
=================================================================
System uname: 2.6.18-suspend2-Dudebox-Edition x86_64 AMD Athlon(tm) 64 Processor 3200+
Gentoo Base System version 1.12.6
Last Sync: Mon, 13 Nov 2006 05:00:01 +0000
distcc 2.18.3 x86_64-pc-linux-gnu (protocols 1 and 2) (default port 3632) [enabled]
ccache version 2.3 [enabled]
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: 1.3.7, 2.0.30
dev-lang/python:     2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     2.3
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.60
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r4
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="amd64"
AUTOCLEAN="yes"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=k8 -msse3 -Os -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config /var/qmail/alias /var/qmail/control /var/vpopmail/domains /var/vpopmail/etc"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c"
CXXFLAGS="-march=k8 -msse3 -Os -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache collision-protect distcc distlocks metadata-transfer multilib-strict parallel-fetch sandbox sfperms strict test"
GENTOO_MIRRORS="ftp://linux.rz.ruhr-uni-bochum.de/gentoo-mirror/ ftp:///ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/"
LDFLAGS="-Wl,-O1"
MAKEOPTS="-j4"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage_overlay"
SYNC="rsync://server/gentoo-portage"
USE="amd64 X alsa apache2 berkdb bitmap-fonts cairo cdr cli cracklib crypt cups dbus dlloader dri dvd dvdr eds elibc_glibc emboss encode esd fam firefox fortran gcj gdbm gif gpm gstreamer gtk gtk2 hal iconv imap input_devices_keyboard input_devices_mouse isdnlog jpeg kde kdeenablefinal kdehiddenvisibility kernel_linux libg++ mad mikmod mp3 mpeg mysql ncurses nls nptl nptlonly objc objc++ ogg oss pam pcre perl png ppds pppd python qt3 quicktime readline reflection sdl session spell spl sqlite ssl tcpd test truetype truetype-fonts type1-fonts udev unicode userland_GNU video_cards_radeon vorbis xml xorg xv zlib"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 10 Christian Faulhammer (RETIRED) gentoo-dev 2006-11-13 22:10:38 UTC
x{72-8} is done
Comment 11 Christian Faulhammer (RETIRED) gentoo-dev 2006-11-13 22:16:35 UTC
(In reply to comment #10)
> x{72-8} is done

 I always was bad at math. Ugh.

Comment 12 Gustavo Zacarias (RETIRED) gentoo-dev 2006-11-15 07:24:55 UTC
sparc stable.
Comment 13 Chris Gianelloni (RETIRED) gentoo-dev 2006-11-15 08:10:16 UTC
amd64 done
Comment 14 Matthias Geerdsen (RETIRED) gentoo-dev 2006-11-15 13:38:48 UTC
ready for GLSA
Comment 15 Sune Kloppenborg Jeppesen gentoo-dev 2006-11-20 11:16:25 UTC
It's setuid root rerating.
Comment 16 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2006-11-20 15:48:20 UTC
jaervosz: qmailadmin is NOT setuid root. It's setuid vpopmail:vpopmail. This is so it has access to files that are 0640/root:vpopmail and vpopmail:vpopmail.
Comment 17 Sune Kloppenborg Jeppesen gentoo-dev 2006-11-20 21:34:53 UTC
Thx Robbat for clearing this up and installing it this non-standard way.
Comment 18 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2006-11-20 22:19:14 UTC
it's not non-standard, the setuid vpopmail is done by upstream (after you tell it what your vpopmail user is).
Comment 19 Sune Kloppenborg Jeppesen gentoo-dev 2006-11-21 07:23:09 UTC
GLSA 200611-15