Change log for osh package in Ubuntu
| 1 → 5 of 5 results | First • Previous • Next • Last |
osh (1.7-14ubuntu0.1) breezy-security; urgency=low
* [SECURITY]: Multiple buffer overflows.
- main.c: Don't overwrite the return value of getenv(), which can
lead to injection of environment variables and to privilege
escalation (root shell). Reported by Charles Stevenson.
+ CVE-2005-3346
+ http://bugs.debian.org/338312
- main.c: Don't overflow the buffer using the current working
directory and a specially crafted filename, which can lead to
arbitrary code execution. Reported by 'Solar Eclipse'.
+ CVE-2005-3533
- Patch for both issues backported from Debian's osh 1.7-15.
-- Daniel T Chen <email address hidden> Fri, 9 Dec 2005 02:02:31 -0800
osh (1.7-14) unstable; urgency=high
* urgency set to high because this version fixes a buffer overflow
that causes unauthorized privilege escalation (thanks to Charles Stevenson
<email address hidden> for the bug report)
* handlers.c: use malloc() to avoid buffer overflow in writeable()
-- Oohara Yuuma <email address hidden> Wed, 17 Aug 2005 02:29:03 +0900
osh (1.7-12ubuntu0.5.04) hoary-security; urgency=low
* [SECURITY]: Multiple buffer overflows.
- main.c: Don't overwrite the return value of getenv(), which can
lead to injection of environment variables and to privilege
escalation (root shell). Reported by Charles Stevenson.
+ CVE-2005-3346
+ http://bugs.debian.org/338312
- main.c: Don't overflow the buffer using the current working
directory and a specially crafted filename, which can lead to
arbitrary code execution. Reported by 'Solar Eclipse'.
+ CVE-2005-3533
- main.c: Don't overflow the buffer by abusing strcpy() and
strcat(); use strncpy() and strncat() instead. Reported by
Charles Stevenson.
+ http://bugs.debian.org/323424
- handlers.c: Don't overflow the buffer in writeable(); use
malloc(). Reported by Charles Stevenson.
+ http://bugs.debian.org/323482
- Patch for all issues backported from Debian's osh 1.7-15.
-- Daniel T Chen <email address hidden> Fri, 9 Dec 2005 02:53:17 -0800
osh (1.7-12ubuntu0.4.10) warty-security; urgency=low
* [SECURITY]: Multiple buffer overflows.
- main.c: Don't overwrite the return value of getenv(), which can
lead to injection of environment variables and to privilege
escalation (root shell). Reported by Charles Stevenson.
+ CVE-2005-3346
+ http://bugs.debian.org/338312
- main.c: Don't overflow the buffer using the current working
directory and a specially crafted filename, which can lead to
arbitrary code execution. Reported by 'Solar Eclipse'.
+ CVE-2005-3533
- main.c: Don't overflow the buffer by abusing strcpy() and
strcat(); use strncpy() and strncat() instead. Reported by
Charles Stevenson.
+ http://bugs.debian.org/323424
- handlers.c: Don't overflow the buffer in writeable(); use
malloc(). Reported by Charles Stevenson.
+ http://bugs.debian.org/323482
- Patch for all issues backported from Debian's osh 1.7-15.
-- Daniel T Chen <email address hidden> Fri, 9 Dec 2005 02:53:17 -0800
osh (1.7-12) unstable; urgency=high
* urgency set to high because this version fixes a buffer overflow
that may cause unauthorized privilege escalation (I'm not sure,
but this is a setuid root shell, so you can't be too careful)
* main.c, struct.h: hacked gettoken() so that it can check the size of
the buffer (closes: #168383) (my patch in #168383 has one bug ---
gettoken() has to check if iword_length >= 2, not 1)
* note that the upstream put some arbitrary restrictions:
- max length of file name: 31
- max length of word (for example, command name): 19
- max length of environment variable: 39
-- Oohara Yuuma <email address hidden> Sat, 28 Dec 2002 01:12:58 +0900
| 1 → 5 of 5 results | First • Previous • Next • Last |
