ports/90813: [Maintainer update] shells/scponly: Update to 4.2 (with security fixes)
Hideyuki KURASHINA
rushani at FreeBSD.org
Thu Dec 22 15:40:07 UTC 2005
>Number: 90813
>Category: ports
>Synopsis: [Maintainer update] shells/scponly: Update to 4.2 (with security fixes)
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Thu Dec 22 15:40:03 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Hideyuki KURASHINA
>Release: FreeBSD 5.4-RELEASE-p8 i386
>Organization:
>Environment:
System: FreeBSD ***.*******.jp 5.4-RELEASE-p8 FreeBSD 5.4-RELEASE-p8 #1: Thu Dec 1 00:38:07 JST 2005 hideyuki@***.*******.jp:/usr/obj/usr/src/sys/*** i386
>Description:
o Update to 4.2.
- Security fixes (local privilege escalation exploits). See
https://lists.ccs.neu.edu/pipermail/scponly/2005-December/001027.html
for details.
- The scp and WinSCP compatibilities are turned off by default
to improve scp argument processing.
- sftp-logging is supported.
- Etc.
o Add SHA256 hash.
o Put the relevant entry into vuln.xml.
>How-To-Repeat:
Refer to
http://www.sublimation.org/scponly/
>Fix:
Apply the following patch:
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/shells/scponly/Makefile,v
retrieving revision 1.18
diff -u -r1.18 Makefile
--- Makefile 20 Jun 2005 14:51:14 -0000 1.18
+++ Makefile 22 Dec 2005 14:31:04 -0000
@@ -24,18 +24,10 @@
# default: undefined
# define if you want to disable wildcard processing.
#
-# WITHOUT_SCPONLY_SCP
-# default: undefined
-# define if you want to disable vanilla scp compatibility.
-#
# WITHOUT_SCPONLY_GFTP
# default: undefined
# define if you want to disable gftp compatibility.
#
-# WITHOUT_SCPONLY_WINSCP
-# default: undefined
-# define if you want to disable WinSCP compatibility.
-#
# WITH_SCPONLY_CHROOT
# default: undefined
# define if you want to use chroot functionality (set UID to root).
@@ -44,6 +36,14 @@
# default: undefined
# define if you want to enable rsync compatibility.
#
+# WITH_SCPONLY_SCP
+# default: undefined
+# define if you want to enable vanilla scp compatibility.
+#
+# WITH_SCPONLY_SFTP_LOGGING
+# default: undefined
+# define if you want to enable sftp logging compatibility.
+#
# WITH_SCPONLY_SVN
# default: undefined
# define if you want to enable subversion compatibility.
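Review bot: The added WITH_SCPONLY_SCP comment does not say that scp compatibility used to be on by default (the removed WITHOUT_SCPONLY_SCP knob), so a reader of the header cannot tell that the default flipped in this update. Suggest adding a short remark such as "(enabled by default up to 4.1)" to the WITH_SCPONLY_SCP text. Since the vuln.xml entry in this same PR lists scp and rsync compatibility as risk conditions for 4.1 and older, a pointer to that entry beside WITH_SCPONLY_SCP and the existing rsync knob would help administrators decide whether to enable them.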
@@ -56,6 +56,10 @@
# default: undefined
# define if you want to enable unison compatibility.
#
+# WITH_SCPONLY_WINSCP
+# default: undefined
+# define if you want to enable WinSCP compatibility.
+#
#
# Additional knobs:
#
@@ -66,8 +70,8 @@
# to be installed.
PORTNAME= scponly
-PORTVERSION= 4.1
-PORTREVISION= 2
+PORTVERSION= 4.2
+PORTREVISION= 0
CATEGORIES= shells
MASTER_SITES= http://www.sublimation.org/scponly/
EXTRACT_SUFX= .tgz
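Review bot: The added "PORTREVISION= 0" line is redundant. When PORTVERSION is bumped, the usual ports practice is to delete the PORTREVISION line rather than set it to 0. Suggest dropping it so the next revision bump re-adds it explicitly.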
@@ -90,18 +94,10 @@
CONFIGURE_ARGS+=--disable-wildcards
.endif
-.if defined(WITHOUT_SCPONLY_SCP)
-CONFIGURE_ARGS+=--disable-scp-compat
-.endif
-
.if defined(WITHOUT_SCPONLY_GFTP)
CONFIGURE_ARGS+=--disable-gftp-compat
.endif
-.if defined(WITHOUT_SCPONLY_WINSCP)
-CONFIGURE_ARGS+=--disable-winscp-compat
-.endif
-
.if defined(WITH_SCPONLY_CHROOT)
PLIST_SUB= SCPONLY_CHROOT=""
CONFIGURE_ARGS+=--enable-chrooted-binary
@@ -113,6 +109,14 @@
CONFIGURE_ARGS+=--enable-rsync-compat
.endif
+.if defined(WITH_SCPONLY_SCP)
+CONFIGURE_ARGS+=--enable-scp-compat
+.endif
+
+.if defined(WITH_SCPONLY_SFTP_LOGGING)
+CONFIGURE_ARGS+=--enable-sftp-logging-compat
+.endif
+
.if defined(WITH_SCPONLY_SVN)
BUILD_DEPENDS+= svn:${PORTSDIR}/devel/subversion
RUN_DEPENDS+= ${BUILD_DEPENDS}
@@ -131,6 +135,10 @@
CONFIGURE_ARGS+=--enable-unison-compat
.endif
+.if defined(WITH_SCPONLY_WINSCP)
+CONFIGURE_ARGS+=--enable-winscp-compat
+.endif
+
pre-everything::
@${ECHO_MSG} ""
@${ECHO_MSG} "You can enable chroot functionality by defining WITH_SCPONLY_CHROOT."
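Review bot: The pre-everything lines visible in the trailing context announce WITH_SCPONLY_CHROOT, but this patch turns scp and WinSCP compatibility from opt-out into opt-in and nothing in the hunk tells the user. An upgrade from 4.1 with an unchanged make.conf will lose scp and WinSCP support without notice. If the new knobs are not already announced further down in this target, suggest adding ECHO_MSG lines for WITH_SCPONLY_SCP, WITH_SCPONLY_WINSCP and WITH_SCPONLY_SFTP_LOGGING that say the first two were previously the default.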
Index: distinfo
===================================================================
RCS file: /home/ncvs/ports/shells/scponly/distinfo,v
retrieving revision 1.10
diff -u -r1.10 distinfo
--- distinfo 14 Apr 2005 03:56:00 -0000 1.10
+++ distinfo 22 Dec 2005 09:28:12 -0000
@@ -1,2 +1,3 @@
-MD5 (scponly-4.1.tgz) = 32e4b87dc46c78573010c1146e9744f0
-SIZE (scponly-4.1.tgz) = 93138
+MD5 (scponly-4.2.tgz) = 270dedc527d6fbc68b152b8bb3c8a864
+SHA256 (scponly-4.2.tgz) = 517b5b5966fa78ae3319221a56a6a2e19edf9f4d9910b1a37ca32748104b00f3
+SIZE (scponly-4.2.tgz) = 96736
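Review bot: The added MD5 and SHA256 lines are the only integrity check on a tarball that MASTER_SITES in the Makefile fetches over plain http from a single site, and this is a security update. Before commit, the SHA256 value should be confirmed against one obtained independently of that download, for example from the upstream release announcement, rather than only regenerated with make makesum.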
Index: vuln.xml
===================================================================
RCS file: /home/ncvs/ports/security/vuxml/vuln.xml,v
retrieving revision 1.907
diff -u -u -r1.907 vuln.xml
--- vuln.xml 19 Dec 2005 15:14:33 -0000 1.907
+++ vuln.xml 22 Dec 2005 15:24:32 -0000
@@ -34,6 +34,54 @@
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="b5a49db7-72fc-11da-9827-021106004fd6">
+ <topic>scponly -- local privilege escalation exploits</topic>
+ <affects>
+ <package>
+ <name>scponly</name>
+ <range><lt>4.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Max Vozeler reports:</p>
+ <blockquote cite="https://lists.ccs.neu.edu/pipermail/scponly/2005-December/001027.html">
+ <p>If ALL the following conditions are true, administrators using
+ scponly-4.1 or older may be at risk of a local privilege
+ escalation exploit:</p>
+ <ul>
+ <li>the chrooted setuid scponlyc binary is installed</li>
+ <li>regular non-scponly users have interactive shell access
+ to the box</li>
+ <li>a user executable dynamically linked setuid binary
+ (such as ping) exists on the same file system mount
+ as the user's home directory</li>
+ <li>the operating system supports an LD_PRELOAD style
+ mechanism to overload dynamic library loading</li>
+ </ul>
+ </blockquote>
+ <p>Pekka Pessi also reports:</p>
+ <blockquote cite="https://lists.ccs.neu.edu/pipermail/scponly/2005-December/001027.html">
+ <p>If ANY the following conditions are true, administrators
+ using scponly-4.1 or older may be at risk of a local privilege
+ escalation exploit:</p>
+ <ul>
+ <li>scp compatibility is enabled</li>
+ <li>rsync compatibility is enabled</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://lists.ccs.neu.edu/pipermail/scponly/2005-December/001027.html</url>
+ <url>http://sublimation.org/scponly/#relnotes</url>
+ </references>
+ <dates>
+ <discovery>2005-12-21</discovery>
+ <entry>2005-12-22</entry>
+ </dates>
+ </vuln>
+
<vuln vid="f7eb0b23-7099-11da-a15c-0060084a00e5">
<topic>fetchmail -- null pointer dereference in multidrop mode with
headerless email</topic>
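Review bot: In the second blockquote, "If ANY the following conditions are true" reads as if "of" is missing. Blockquote text should match the cited message verbatim, so please check both quotes against the source and either correct the wording or move paraphrased text out of the blockquote. Both quotes carry the same cite URL while being attributed to different reporters (Max Vozeler and Pekka Pessi); confirm the attribution matches that message. In references, the first URL is a mailing-list archive link, so an mlist element would describe it better than url.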
>Release-Note:
>Audit-Trail:
>Unformatted: