Welcome to our website
To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.
DSA 725-2: New ppxp packages fix local root exploit
Posted by Philipp Esselbach on: 07/04/2005 03:33 PM [ Print | 0 comment(s) ]
New ppxp packages are available for Debian GNU/Linux
---------------------------------------------------------------------------
Debian Security Advisory DSA 725-2 security@debian.org
http://www.debian.org/security/ Martin Schulze
July 4th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : ppxp
Vulnerability : missing privilege release
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-0392
Jens Steube discovered that ppxp, yet another PPP program, does not release root privileges when opening potentially user supplied log files. This can be tricked into opening a root shell.
For the old stable distribution (woody) this problem has been
fixed in version 0.2001080415-6woody1 (DSA 725-1).
For the stable distribution (sarge) this problem has been fixed in
version 0.2001080415-10sarge2.
For the unstable distribution (sid) this problem has been fixed in
version 0.2001080415-11.
We recommend that you upgrade your ppxp package.
---------------------------------------------------------------------------
Debian Security Advisory DSA 725-2 security@debian.org
http://www.debian.org/security/ Martin Schulze
July 4th, 2005 http://www.debian.org/security/faq
---------------------------------------------------------------------------
Package : ppxp
Vulnerability : missing privilege release
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2005-0392
Jens Steube discovered that ppxp, yet another PPP program, does not release root privileges when opening potentially user supplied log files. This can be tricked into opening a root shell.
For the old stable distribution (woody) this problem has been
fixed in version 0.2001080415-6woody1 (DSA 725-1).
For the stable distribution (sarge) this problem has been fixed in
version 0.2001080415-10sarge2.
For the unstable distribution (sid) this problem has been fixed in
version 0.2001080415-11.
We recommend that you upgrade your ppxp package.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2.dsc
Size/MD5 checksum: 714 0e065407ae76d9ca2f9def7a1d8f92af
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2.diff.gz
Size/MD5 checksum: 8957 ed343f25afa1ade81217f8b315d25e96
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415.orig.tar.gz
Size/MD5 checksum: 426444 35dc6007ee4eafa9685f5e1e695a1464
Alpha architecture:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_alpha.deb
Size/MD5 checksum: 273842 9ed2250a15a07b317cd277237e80f669
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_alpha.deb
Size/MD5 checksum: 84818 f405c062f88ad812c57bbe7f5fcb8c26
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_alpha.deb
Size/MD5 checksum: 63084 2214812bc3da14f06d992322ca9f15d2
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_alpha.deb
Size/MD5 checksum: 76728 7b2ff4bc2208e1a93f9d123c2c31cc4a
ARM architecture:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_arm.deb
Size/MD5 checksum: 225104 f23ae008a1f1261a4b1f4c84afd35c71
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_arm.deb
Size/MD5 checksum: 66496 0410908c710d224b793b275d375cf76c
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_arm.deb
Size/MD5 checksum: 57168 5dd01ecdcf92a83cd973de739c518e03
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_arm.deb
Size/MD5 checksum: 61732 72b35701c12b3046b23ca19db5506c75
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_i386.deb
Size/MD5 checksum: 222244 027926b5e5ac4cf6c4f22f0cd5890e84
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_i386.deb
Size/MD5 checksum: 64024 3c59e05e77e2530260734474cf0bb77c
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_i386.deb
Size/MD5 checksum: 58142 56dc14c3039685d119b16c2b806d5fbd
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_i386.deb
Size/MD5 checksum: 61534 71d2ad92f1d77ad4d89ecd7de67219f6
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_ia64.deb
Size/MD5 checksum: 295426 a39f4b9d22a0a0b725bec69d606f1a81
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_ia64.deb
Size/MD5 checksum: 81148 6b0399263e036d09b66806fb091524ef
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_ia64.deb
Size/MD5 checksum: 66188 e4fe2c30e754e698f3eb6fe3eb8d9719
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_ia64.deb
Size/MD5 checksum: 82972 efb913c2bf338a52637cc82c97327a88
HP Precision architecture:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_hppa.deb
Size/MD5 checksum: 243160 b3835adfae98f76b3efdfcd7853d0171
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_hppa.deb
Size/MD5 checksum: 69424 d80e5e19b63973e4f80c39ad3233e5a8
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_hppa.deb
Size/MD5 checksum: 61478 ae640e45c9c4abdd037b085a32bdd03e
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_hppa.deb
Size/MD5 checksum: 69866 b68592ad39a9284257f5fc49de8cab1f
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_m68k.deb
Size/MD5 checksum: 213564 9a276b8aec26a867671523ff5035fdd2
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_m68k.deb
Size/MD5 checksum: 64214 bf06732df6fc3229f8965f59beca5101
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_m68k.deb
Size/MD5 checksum: 58110 46bb2da34671c0d32d1f4d32dc770ec6
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_m68k.deb
Size/MD5 checksum: 60158 f386258d996efae327a9fa8fca820a17
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_mips.deb
Size/MD5 checksum: 247092 6bba1ce186cf00882c3932c10d67cf02
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_mips.deb
Size/MD5 checksum: 69660 2598103571a690e4bf8f64ecada6b638
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_mips.deb
Size/MD5 checksum: 59014 18a76c0648817a537c8cfdfa5c3eb793
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_mips.deb
Size/MD5 checksum: 72436 9e9ae78c5c78f813fcc156aa7e0976be
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_mipsel.deb
Size/MD5 checksum: 248700 b5cae50b114d4464e7be8d930bee511c
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_mipsel.deb
Size/MD5 checksum: 69060 ea5ad0c81234a8790da0103773071299
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_mipsel.deb
Size/MD5 checksum: 58806 d62f0899543feb9a7872c58f0ac7aa6b
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_mipsel.deb
Size/MD5 checksum: 71030 25c0ed8d3fa575c5d5ea7e48e6ba9fe9
PowerPC architecture:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_powerpc.deb
Size/MD5 checksum: 238690 ee17a47c6002345e916a75f918e66a05
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_powerpc.deb
Size/MD5 checksum: 78560 324da53c0df2605a135b2225448f89bf
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_powerpc.deb
Size/MD5 checksum: 60854 8cd7b904a47136e15de1fa463dc2ab70
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_powerpc.deb
Size/MD5 checksum: 69402 0e414abed84d60126f0717581ad4fcc2
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_s390.deb
Size/MD5 checksum: 239410 6d706f726c18dc95123f38ce43ddcd6f
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_s390.deb
Size/MD5 checksum: 110094 fa0fdb1e1f589f2aa7006a5fcd60cc91
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_s390.deb
Size/MD5 checksum: 61456 880664c6876b89393102ebcac7eed59f
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_s390.deb
Size/MD5 checksum: 69660 096e956414ad270ec935502bed3479d8
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_sparc.deb
Size/MD5 checksum: 226238 9a230cf800ca7e5d0902e380f193c7d7
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_sparc.deb
Size/MD5 checksum: 67016 d2c506f94eee2cb632d64b3a1d95df2d
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_sparc.deb
Size/MD5 checksum: 57950 fd91ff4f6399226d70ba885c756d7e49
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_sparc.deb
Size/MD5 checksum: 62376 680aca599e7d986519483354f4e61e85
These files will probably be moved into the stable distribution on
its next update.
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.1 alias sarge
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2.dsc
Size/MD5 checksum: 714 0e065407ae76d9ca2f9def7a1d8f92af
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2.diff.gz
Size/MD5 checksum: 8957 ed343f25afa1ade81217f8b315d25e96
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415.orig.tar.gz
Size/MD5 checksum: 426444 35dc6007ee4eafa9685f5e1e695a1464
Alpha architecture:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_alpha.deb
Size/MD5 checksum: 273842 9ed2250a15a07b317cd277237e80f669
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_alpha.deb
Size/MD5 checksum: 84818 f405c062f88ad812c57bbe7f5fcb8c26
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_alpha.deb
Size/MD5 checksum: 63084 2214812bc3da14f06d992322ca9f15d2
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_alpha.deb
Size/MD5 checksum: 76728 7b2ff4bc2208e1a93f9d123c2c31cc4a
ARM architecture:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_arm.deb
Size/MD5 checksum: 225104 f23ae008a1f1261a4b1f4c84afd35c71
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_arm.deb
Size/MD5 checksum: 66496 0410908c710d224b793b275d375cf76c
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_arm.deb
Size/MD5 checksum: 57168 5dd01ecdcf92a83cd973de739c518e03
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_arm.deb
Size/MD5 checksum: 61732 72b35701c12b3046b23ca19db5506c75
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_i386.deb
Size/MD5 checksum: 222244 027926b5e5ac4cf6c4f22f0cd5890e84
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_i386.deb
Size/MD5 checksum: 64024 3c59e05e77e2530260734474cf0bb77c
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_i386.deb
Size/MD5 checksum: 58142 56dc14c3039685d119b16c2b806d5fbd
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_i386.deb
Size/MD5 checksum: 61534 71d2ad92f1d77ad4d89ecd7de67219f6
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_ia64.deb
Size/MD5 checksum: 295426 a39f4b9d22a0a0b725bec69d606f1a81
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_ia64.deb
Size/MD5 checksum: 81148 6b0399263e036d09b66806fb091524ef
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_ia64.deb
Size/MD5 checksum: 66188 e4fe2c30e754e698f3eb6fe3eb8d9719
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_ia64.deb
Size/MD5 checksum: 82972 efb913c2bf338a52637cc82c97327a88
HP Precision architecture:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_hppa.deb
Size/MD5 checksum: 243160 b3835adfae98f76b3efdfcd7853d0171
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_hppa.deb
Size/MD5 checksum: 69424 d80e5e19b63973e4f80c39ad3233e5a8
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_hppa.deb
Size/MD5 checksum: 61478 ae640e45c9c4abdd037b085a32bdd03e
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_hppa.deb
Size/MD5 checksum: 69866 b68592ad39a9284257f5fc49de8cab1f
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_m68k.deb
Size/MD5 checksum: 213564 9a276b8aec26a867671523ff5035fdd2
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_m68k.deb
Size/MD5 checksum: 64214 bf06732df6fc3229f8965f59beca5101
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_m68k.deb
Size/MD5 checksum: 58110 46bb2da34671c0d32d1f4d32dc770ec6
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_m68k.deb
Size/MD5 checksum: 60158 f386258d996efae327a9fa8fca820a17
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_mips.deb
Size/MD5 checksum: 247092 6bba1ce186cf00882c3932c10d67cf02
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_mips.deb
Size/MD5 checksum: 69660 2598103571a690e4bf8f64ecada6b638
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_mips.deb
Size/MD5 checksum: 59014 18a76c0648817a537c8cfdfa5c3eb793
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_mips.deb
Size/MD5 checksum: 72436 9e9ae78c5c78f813fcc156aa7e0976be
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_mipsel.deb
Size/MD5 checksum: 248700 b5cae50b114d4464e7be8d930bee511c
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_mipsel.deb
Size/MD5 checksum: 69060 ea5ad0c81234a8790da0103773071299
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_mipsel.deb
Size/MD5 checksum: 58806 d62f0899543feb9a7872c58f0ac7aa6b
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_mipsel.deb
Size/MD5 checksum: 71030 25c0ed8d3fa575c5d5ea7e48e6ba9fe9
PowerPC architecture:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_powerpc.deb
Size/MD5 checksum: 238690 ee17a47c6002345e916a75f918e66a05
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_powerpc.deb
Size/MD5 checksum: 78560 324da53c0df2605a135b2225448f89bf
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_powerpc.deb
Size/MD5 checksum: 60854 8cd7b904a47136e15de1fa463dc2ab70
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_powerpc.deb
Size/MD5 checksum: 69402 0e414abed84d60126f0717581ad4fcc2
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_s390.deb
Size/MD5 checksum: 239410 6d706f726c18dc95123f38ce43ddcd6f
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_s390.deb
Size/MD5 checksum: 110094 fa0fdb1e1f589f2aa7006a5fcd60cc91
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_s390.deb
Size/MD5 checksum: 61456 880664c6876b89393102ebcac7eed59f
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_s390.deb
Size/MD5 checksum: 69660 096e956414ad270ec935502bed3479d8
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_sparc.deb
Size/MD5 checksum: 226238 9a230cf800ca7e5d0902e380f193c7d7
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_sparc.deb
Size/MD5 checksum: 67016 d2c506f94eee2cb632d64b3a1d95df2d
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_sparc.deb
Size/MD5 checksum: 57950 fd91ff4f6399226d70ba885c756d7e49
http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_sparc.deb
Size/MD5 checksum: 62376 680aca599e7d986519483354f4e61e85
These files will probably be moved into the stable distribution on
its next update.
