[pkg-firebird-general] Bug#362001: [security] Insecure semaphore
permissions
Damyan Ivanov
divanov at creditreform.bg
Tue Apr 11 18:44:50 UTC 2006
Package: libfbembed1
Version: 1.5.1-1
Severity: serious
Tags: security patch upstream
Hi,
(The purpose of this bugreport is mainly to get it fixed in stable.
Upload to unstable is pending.)
This time the security-related bug in firebird2 is DoS. The "classic"
flavour of the server (contained in libfbembed1) uses semaphore array
for IPC and creates this array with world-writable permissions. This
allows a local attacker to lock all semaphores in the array effectively
blocking further requests.
I post the bug in the BTS without privatelly discussion with the team,
since the vulnerability is published in upstreams bugtracker[1].
[1]
http://sourceforge.net/tracker/index.php?func=detail&aid=1466193&group_id=9028&atid=593943
A fix to the vulnerability is to create semaphores with 0660
permissions. The patch to unstable package is in
separate-file-and-sem-perms.dpatch[2]. Patch to stable package may be
based on it (stable implements part of it). I can also prepare an
interdiff for stable if you prefer.
[2]
http://svn.debian.org/wsvn/pkg-firebird/trunk/debian/patches/separate-file-and-sem-perms.dpatch?op=file&rev=0&sc=0
A note about Version: in stable the libfbembed1 package is named
libfirebird2-classic. The vulnerability is present in all 1.5 versions.
Ah, there is also one file created with 0666, but it is in
/var/run/firebird2, which is accessable for firebird:firebird only and
thus poses no threats.
Please tell me if I can be of some help.
Greetings, dam
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.13+reiser4+dam.1
Locale: LANG=bg_BG.UTF-8, LC_CTYPE=bg_BG.UTF-8 (charmap=UTF-8)
Versions of packages libfbembed1 depends on:
ii libc6 2.3.6-4 GNU C Library: Shared libraries an
ii libgcc1 1:4.1.0-1 GCC support library
ii libncurses5 5.5-1 Shared libraries for terminal hand
ii libstdc++6 4.1.0-1 The GNU Standard C++ Library v3
libfbembed1 recommends no packages.
-- no debconf information
More information about the pkg-firebird-general
mailing list