[Sec-cert] [Debian] Schwachstelle in maildrop vor Version 2.0.4-3 - DSA-1981-2

WiN Site Security Contacts win-sec-ssc at lists.dfn-cert.de
Fr Jan 29 12:56:08 CET 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Liebe Kolleginnen und Kollegen,

soeben erreichte uns nachfolgende Warnung des Debian-Teams. Wir geben
diese Informationen unveraendert an Sie weiter.

CVE-2010-0301 - Schwachstelle in maildrop

  Das Programm maildrop aendert bei Angabe der Option "-d" zwar die ID
  des Nutzers, nicht jedoch die ID der Gruppe. Ein lokaler Angreifer
  kann diese Schwachstelle dazu ausnutzen, beliebige Befehle mit den
  Rechten der Gruppe "root" auszufuehren.

Betroffen sind die folgenden Software Pakete und Plattformen:

  Paket maildrop in der stable Distribution (lenny) vor Version
  2.0.4-3+lenny3
  Paket maildrop in der old stable Distribution (etch) vor Version
  2.0.2-11+etch2
  Patches fuer das Paket maildrop in der testing Distribution (squeeze)
  werden nachgereicht
  Paket maildrop in der unstable Distribution (sid) vor Version 2.2.0-3.1

  Stable Distribution (lenny)
  Old Stable Distribution (etch)
  Testing Distribution (squeeze)
  Unstable Distribution (sid)

Vom Hersteller werden ueberarbeitete Pakete zur Verfuegung gestellt.

Hersteller Advisory:
  http://www.debian.org/security/2010/dsa-1981


(c) der deutschen Zusammenfassung bei DFN-CERT Services GmbH; die
Verbreitung, auch auszugsweise, ist nur unter Hinweis auf den Urheber,
DFN-CERT Services GmbH, und nur zu nicht kommerziellen Zwecken
gestattet.

Mit freundlichen Gruessen,
		Klaus Moeller, DFN-CERT

- -- 
Dipl. Inform. Klaus Moeller (Incident Response Team)
Phone: +49 40 808077-555, Fax: +49 40 808077-556

DFN-CERT Services GmbH, https://www.dfn-cert.de,  Phone  +49 40 808077-555
Sitz / Register: Hamburg, AG Hamburg, HRB 88805,  Ust-IdNr.:  DE 232129737
Sachsenstrase 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski

17. DFN Workshop    "Sicherheit in vernetzten Systemen"    09./10.02.2010
Informationen unter https://www.dfn-cert.de/veranstaltungen/workshop.html

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ------------------------------------------------------------------------
Debian Security Advisory DSA-1981-2                  security at debian.org
http://www.debian.org/security/                      Steffen Joeris
January 28, 2010                      http://www.debian.org/security/faq
- - ------------------------------------------------------------------------

Package        : maildrop
Vulnerability  : privilege escalation
Problem type   : local
Debian-specific: no
CVE Id         : CVE-2010-0301
Debian Bug     : 564601

The latest DSA for maildrop introduced two regressions. The maildrop
program stopped working when invoked as a non-root user, such as with
postfix. Also, the lenny version dropped a dependency on the
courier-authlib package.


For the stable distribution (lenny), this problem has been fixed in
version 2.0.4-3+lenny3.

For the oldstable distribution (etch), this problem has been fixed in
version 2.0.2-11+etch2.

For the testing distribution (squeeze) this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in
version 2.2.0-3.1.

For reference, the original advisory text is below.

Christoph Anton Mitterer discovered that maildrop, a mail delivery agent
with filtering abilities, is prone to a privilege escalation issue that
grants a user root group privileges.

We recommend that you upgrade your maildrop packages.


Upgrade instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- - -------------------------------

Debian (oldstable)
- - ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.2-11+etch2.dsc
    Size/MD5 checksum:      736 280d7371f21cd78c4977d65967f4695c
  http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.2-11+etch2.diff.gz
    Size/MD5 checksum:    13965 269c15cb493be7357dc5d8a8acbad25d
  http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.2.orig.tar.gz
    Size/MD5 checksum:  3217622 d799e44aa65027a02343e5e08b97f3a0

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.2-11+etch2_alpha.deb
    Size/MD5 checksum:   398482 c4dcbec55c55dff97a738617b367f517

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.2-11+etch2_amd64.deb
    Size/MD5 checksum:   363478 94687bb12867af71bcf9680f089e422f

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.2-11+etch2_arm.deb
    Size/MD5 checksum:   350004 513a26c626071a4d58abbbc22a7f9f4b

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.2-11+etch2_hppa.deb
    Size/MD5 checksum:   388388 ce6100257045fe40df77af384d5d2b51

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.2-11+etch2_i386.deb
    Size/MD5 checksum:   355890 07f603a68d05bf05f9fad916f9de51e0

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.2-11+etch2_ia64.deb
    Size/MD5 checksum:   470078 78f1972ef14698a20d5c181b90dd31e7

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.2-11+etch2_mipsel.deb
    Size/MD5 checksum:   376390 678ed61359f44e3bb9161d03e4b6675f

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.2-11+etch2_powerpc.deb
    Size/MD5 checksum:   358184 c76433b354ed838938340a06a7f93cd2


Debian GNU/Linux 5.0 alias lenny
- - --------------------------------

Debian (stable)
- - ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4.orig.tar.gz
    Size/MD5 checksum:  3566630 78e6c27afe7eff9e132b8bc20087aae7
  http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4-3+lenny3.diff.gz
    Size/MD5 checksum:   807850 15846a840e3bad8301778630d7e7bf24
  http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4-3+lenny3.dsc
    Size/MD5 checksum:     1137 826da92ceb403b0e0778c3609c109a1e

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4-3+lenny3_alpha.deb
    Size/MD5 checksum:   402062 21c37f944be6d5b02544acb17c521681

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4-3+lenny3_amd64.deb
    Size/MD5 checksum:   371772 18b875356d68e326c51decf8061eff99

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4-3+lenny3_hppa.deb
    Size/MD5 checksum:   389098 c59222e68d068e2d68db475854b8f52d

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4-3+lenny3_i386.deb
    Size/MD5 checksum:   359508 340a509db515cd0d4e9af017871d0f80

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4-3+lenny3_ia64.deb
    Size/MD5 checksum:   466646 826d66a3b3bc85492bf45f9552db15ca

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4-3+lenny3_mips.deb
    Size/MD5 checksum:   375330 c0c80404e33608fdc46d007d7ad97c08

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4-3+lenny3_mipsel.deb
    Size/MD5 checksum:   376072 ece64fb17424086e64dd5cb84604f80b

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/m/maildrop/maildrop_2.0.4-3+lenny3_powerpc.deb
    Size/MD5 checksum:   379196 3cd9eb52eb8a14feebd37be8578f467f


  These files will probably be moved into the stable distribution on
  its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce at lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkth8TEACgkQ62zWxYk/rQeHfQCeKQULh1XAWPADGpWDuNVrnd/R
krMAoI+R63iKeQXMnV/B7CHJN2XqihGQ
=Q1oS
- -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFLYszXWmhIvjFb90URAgP1AJ4h7Zpaieo1MAbBB+l1fxX9tpb4FwCfdagk
tt0Set8Tsrg2uEgpiIoNgGY=
=VZy+
-----END PGP SIGNATURE-----



Mehr Informationen über die Mailingliste Sec-cert