[pkg-firebird-general] Bug#362001: [security] Insecure semaphore permissions

Damyan Ivanov divanov at creditreform.bg
Tue Apr 11 18:44:50 UTC 2006


Package: libfbembed1
Version: 1.5.1-1
Severity: serious
Tags: security patch upstream

Hi,

(The purpose of this bug report is mainly to get it fixed in stable.
Upload to unstable is pending.)

This time the security-related bug in firebird2 is DoS. The "classic"
flavour of the server (contained in libfbembed1) uses a semaphore array
for IPC and creates this array with world-writable permissions. This
allows a local attacker to lock all semaphores in the array, effectively
blocking further requests.

I post the bug in the BTS without private discussion with the team,
since the vulnerability is published in upstream's bug tracker[1].

[1]
http://sourceforge.net/tracker/index.php?func=detail&aid=1466193&group_id=9028&atid=593943

A fix to the vulnerability is to create semaphores with 0660
permissions. The patch to the unstable package is in
separate-file-and-sem-perms.dpatch[2]. A patch to the stable package may be
based on it (stable implements part of it). I can also prepare an
interdiff for stable if you prefer.

[2]
http://svn.debian.org/wsvn/pkg-firebird/trunk/debian/patches/separate-file-and-sem-perms.dpatch?op=file&rev=0&sc=0

A note about Version: in stable the libfbembed1 package is named
libfirebird2-classic. The vulnerability is present in all 1.5 versions.

Ah, there is also one file created with 0666, but it is in
/var/run/firebird2, which is accessible for firebird:firebird only and
thus poses no threats.


Please tell me if I can be of some help.


Greetings, dam



-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.13+reiser4+dam.1
Locale: LANG=bg_BG.UTF-8, LC_CTYPE=bg_BG.UTF-8 (charmap=UTF-8)

Versions of packages libfbembed1 depends on:
ii  libc6                         2.3.6-4    GNU C Library: Shared libraries an
ii  libgcc1                       1:4.1.0-1  GCC support library
ii  libncurses5                   5.5-1      Shared libraries for terminal hand
ii  libstdc++6                    4.1.0-1    The GNU Standard C++ Library v3

libfbembed1 recommends no packages.

-- no debconf information
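
An added example, not part of the original report and not Firebird's code: a small C audit that flags System V semaphore sets whose mode grants write ("alter") permission to others, the condition the report describes, so that the 0660 fix can be checked. The table is a constructed sample in the layout of Linux's /proc/sysvipc/sem; its keys, ids and uids are made up.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in the layout of Linux /proc/sysvipc/sem
 * (key semid perms nsems uid gid cuid cgid otime ctime); perms is octal.
 * All keys, ids, uids and timestamps are made up for illustration. */
static const char SAMPLE[] =
    "       key      semid perms      nsems   uid   gid  cuid  cgid      otime      ctime\n"
    " 305419896          0   666         32   105   110   105   110 1144780000 1144770000\n"
    " 305419897      32769   660         32   105   110   105   110 1144780000 1144770000\n"
    "         0      65538   600          1  1000  1000  1000  1000          0 1144770000\n";

/* "Alter" (write) permission for others is what lets any local user
 * call semop() to change semaphore values in the set. */
static int world_alterable(unsigned perms) { return (perms & 0002) != 0; }

/* Parse one data line; returns 1 and fills semid/perms on success,
 * 0 otherwise (the header line fails to parse and is skipped). */
static int parse_sem_line(const char *line, int *semid, unsigned *perms)
{
    int key;
    return sscanf(line, "%d %d %o", &key, semid, perms) == 3;
}

/* Scan a whole table; store up to max offending semids, return their count. */
static int find_world_alterable(const char *table, int *ids, int max)
{
    int n = 0;
    for (const char *p = table; p && *p; ) {
        int semid;
        unsigned perms;
        if (parse_sem_line(p, &semid, &perms) && world_alterable(perms)) {
            if (n < max) ids[n] = semid;
            n++;
        }
        p = strchr(p, '\n');   /* advance to the next line, if any */
        if (p) p++;
    }
    return n;
}

int main(void)
{
    int ids[8];
    int n = find_world_alterable(SAMPLE, ids, 8);
    for (int i = 0; i < n && i < 8; i++)
        printf("semid %d is world-alterable; recreate with 0660\n", ids[i]);
    return n ? 1 : 0;
}
```

To audit a live system, read /proc/sysvipc/sem into a buffer and pass it to find_world_alterable() in place of SAMPLE.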



