Change log for osh package in Ubuntu
1 → 5 of 5 results | First • Previous • Next • Last |
osh (1.7-14ubuntu0.1) breezy-security; urgency=low * [SECURITY]: Multiple buffer overflows. - main.c: Don't overwrite the return value of getenv(), which can lead to injection of environment variables and to privilege escalation (root shell). Reported by Charles Stevenson. + CVE-2005-3346 + http://bugs.debian.org/338312 - main.c: Don't overflow the buffer using the current working directory and a specially crafted filename, which can lead to arbitrary code execution. Reported by 'Solar Eclipse'. + CVE-2005-3533 - Patch for both issues backported from Debian's osh 1.7-15. -- Daniel T Chen <email address hidden> Fri, 9 Dec 2005 02:02:31 -0800
osh (1.7-14) unstable; urgency=high * urgency set to high because this version fixes a buffer overflow that causes unauthorized privilege escalation (thanks to Charles Stevenson <email address hidden> for the bug report) * handlers.c: use malloc() to avoid buffer overflow in writeable() -- Oohara Yuuma <email address hidden> Wed, 17 Aug 2005 02:29:03 +0900
osh (1.7-12ubuntu0.5.04) hoary-security; urgency=low * [SECURITY]: Multiple buffer overflows. - main.c: Don't overwrite the return value of getenv(), which can lead to injection of environment variables and to privilege escalation (root shell). Reported by Charles Stevenson. + CVE-2005-3346 + http://bugs.debian.org/338312 - main.c: Don't overflow the buffer using the current working directory and a specially crafted filename, which can lead to arbitrary code execution. Reported by 'Solar Eclipse'. + CVE-2005-3533 - main.c: Don't overflow the buffer by abusing strcpy() and strcat(); use strncpy() and strncat() instead. Reported by Charles Stevenson. + http://bugs.debian.org/323424 - handlers.c: Don't overflow the buffer in writeable(); use malloc(). Reported by Charles Stevenson. + http://bugs.debian.org/323482 - Patch for all issues backported from Debian's osh 1.7-15. -- Daniel T Chen <email address hidden> Fri, 9 Dec 2005 02:53:17 -0800
osh (1.7-12ubuntu0.4.10) warty-security; urgency=low * [SECURITY]: Multiple buffer overflows. - main.c: Don't overwrite the return value of getenv(), which can lead to injection of environment variables and to privilege escalation (root shell). Reported by Charles Stevenson. + CVE-2005-3346 + http://bugs.debian.org/338312 - main.c: Don't overflow the buffer using the current working directory and a specially crafted filename, which can lead to arbitrary code execution. Reported by 'Solar Eclipse'. + CVE-2005-3533 - main.c: Don't overflow the buffer by abusing strcpy() and strcat(); use strncpy() and strncat() instead. Reported by Charles Stevenson. + http://bugs.debian.org/323424 - handlers.c: Don't overflow the buffer in writeable(); use malloc(). Reported by Charles Stevenson. + http://bugs.debian.org/323482 - Patch for all issues backported from Debian's osh 1.7-15. -- Daniel T Chen <email address hidden> Fri, 9 Dec 2005 02:53:17 -0800
osh (1.7-12) unstable; urgency=high * urgency set to high because this version fixes a buffer overflow that may cause unauthorized privilege escalation (I'm not sure, but this is a setuid root shell, so you can't be too careful) * main.c, struct.h: hacked gettoken() so that it can check the size of the buffer (closes: #168383) (my patch in #168383 has one bug --- gettoken() has to check if iword_length >= 2, not 1) * note that the upstream put some arbitrary restrictions: - max length of file name: 31 - max length of word (for example, command name): 19 - max length of environment variable: 39 -- Oohara Yuuma <email address hidden> Sat, 28 Dec 2002 01:12:58 +0900
1 → 5 of 5 results | First • Previous • Next • Last |