FreeBSD Mail Archives

Date:      Fri, 23 Dec 2005 00:29:14 +0900 (JST)
From:      Hideyuki KURASHINA <rushani@FreeBSD.org>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/90813: [Maintainer update] shells/scponly: Update to 4.2 (with security fixes)
Message-ID:  <20051223.002914.41650968.rushani@FreeBSD.org>
Resent-Message-ID: <200512221540.jBMFe32R097125@freefall.freebsd.org>

next in thread | raw e-mail | index | archive | help


>Number:         90813
>Category:       ports
>Synopsis:       [Maintainer update] shells/scponly: Update to 4.2 (with security fixes)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Thu Dec 22 15:40:03 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Hideyuki KURASHINA
>Release:        FreeBSD 5.4-RELEASE-p8 i386
>Organization:
>Environment:

	System: FreeBSD ***.*******.jp 5.4-RELEASE-p8 FreeBSD 5.4-RELEASE-p8 #1: Thu Dec 1 00:38:07 JST 2005 hideyuki@***.*******.jp:/usr/obj/usr/src/sys/*** i386

>Description:

	o Update to 4.2.
	  - Security fixes (local privilege escalation exploits).  See
            https://lists.ccs.neu.edu/pipermail/scponly/2005-December/001027.html
            for details.
	  - The scp and WinSCP compatibilities are turned off by default
	    to improve scp argument processing.
          - The sftp-logging supported.
	  - Etc.
	o Add SHA256 hash.
	o Put relevant entry into vuln.xml

>How-To-Repeat:

	Refer
	  
	  http://www.sublimation.org/scponly/
	
>Fix:

	Apply following patch,

Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/shells/scponly/Makefile,v
retrieving revision 1.18
diff -u -r1.18 Makefile
--- Makefile	20 Jun 2005 14:51:14 -0000	1.18
+++ Makefile	22 Dec 2005 14:31:04 -0000
@@ -24,18 +24,10 @@
 # default: undefined
 # define if you want to disable wildcard processing.
 #
-# WITHOUT_SCPONLY_SCP
-# default: undefined
-# define if you want to disable vanilla scp compatibility.
-#
 # WITHOUT_SCPONLY_GFTP
 # default: undefined
 # define if you want to disable gftp compatibility.
 #
-# WITHOUT_SCPONLY_WINSCP
-# default: undefined
-# define if you want to disable WinSCP compatibility.
-#
 # WITH_SCPONLY_CHROOT
 # default: undefined
 # define if you want to use chroot functionality (set UID to root).
@@ -44,6 +36,14 @@
 # default: undefined
 # define if you want to enable rsync compatibility.
 #
+# WITH_SCPONLY_SCP
+# default: undefined
+# define if you want to enable vanilla scp compatibility.
+#
+# WITH_SCPONLY_SFTP_LOGGING
+# default: undefined
+# define if you want to enable sftp logging compatibility.
+#
 # WITH_SCPONLY_SVN
 # default: undefined
 # define if you want to enable subversion compatibility.
@@ -56,6 +56,10 @@
 # default: undefined
 # define if you want to enable unison compatibility.
 #
+# WITH_SCPONLY_WINSCP
+# default: undefined
+# define if you want to enable WinSCP compatibility.
+#
 #
 # Additional knobs:
 #
@@ -66,8 +70,8 @@
 # to be installed.
 
 PORTNAME=	scponly
-PORTVERSION=	4.1
-PORTREVISION=	2
+PORTVERSION=	4.2
+PORTREVISION=	0
 CATEGORIES=	shells
 MASTER_SITES=	http://www.sublimation.org/scponly/
 EXTRACT_SUFX=	.tgz
@@ -90,18 +94,10 @@
 CONFIGURE_ARGS+=--disable-wildcards
 .endif
 
-.if defined(WITHOUT_SCPONLY_SCP)
-CONFIGURE_ARGS+=--disable-scp-compat
-.endif
-
 .if defined(WITHOUT_SCPONLY_GFTP)
 CONFIGURE_ARGS+=--disable-gftp-compat
 .endif
 
-.if defined(WITHOUT_SCPONLY_WINSCP)
-CONFIGURE_ARGS+=--disable-winscp-compat
-.endif
-
 .if defined(WITH_SCPONLY_CHROOT)
 PLIST_SUB=	SCPONLY_CHROOT=""
 CONFIGURE_ARGS+=--enable-chrooted-binary
@@ -113,6 +109,14 @@
 CONFIGURE_ARGS+=--enable-rsync-compat
 .endif
 
+.if defined(WITH_SCPONLY_SCP)
+CONFIGURE_ARGS+=--enable-scp-compat
+.endif
+
+.if defined(WITH_SCPONLY_SFTP_LOGGING)
+CONFIGURE_ARGS+=--enable-sftp-logging-compat
+.endif
+
 .if defined(WITH_SCPONLY_SVN)
 BUILD_DEPENDS+=	svn:${PORTSDIR}/devel/subversion
 RUN_DEPENDS+=	${BUILD_DEPENDS}
@@ -131,6 +135,10 @@
 CONFIGURE_ARGS+=--enable-unison-compat
 .endif
 
+.if defined(WITH_SCPONLY_WINSCP)
+CONFIGURE_ARGS+=--enable-winscp-compat
+.endif
+
 pre-everything::
 	@${ECHO_MSG} ""
 	@${ECHO_MSG} "You can enable chroot functionality by defining WITH_SCPONLY_CHROOT."
Index: distinfo
===================================================================
RCS file: /home/ncvs/ports/shells/scponly/distinfo,v
retrieving revision 1.10
diff -u -r1.10 distinfo
--- distinfo	14 Apr 2005 03:56:00 -0000	1.10
+++ distinfo	22 Dec 2005 09:28:12 -0000
@@ -1,2 +1,3 @@
-MD5 (scponly-4.1.tgz) = 32e4b87dc46c78573010c1146e9744f0
-SIZE (scponly-4.1.tgz) = 93138
+MD5 (scponly-4.2.tgz) = 270dedc527d6fbc68b152b8bb3c8a864
+SHA256 (scponly-4.2.tgz) = 517b5b5966fa78ae3319221a56a6a2e19edf9f4d9910b1a37ca32748104b00f3
+SIZE (scponly-4.2.tgz) = 96736


Index: vuln.xml
===================================================================
RCS file: /home/ncvs/ports/security/vuxml/vuln.xml,v
retrieving revision 1.907
diff -u -u -r1.907 vuln.xml
--- vuln.xml	19 Dec 2005 15:14:33 -0000	1.907
+++ vuln.xml	22 Dec 2005 15:24:32 -0000
@@ -34,6 +34,54 @@
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
+  <vuln vid="b5a49db7-72fc-11da-9827-021106004fd6">
+    <topic>scponly -- local privilege escalation exploits</topic>
+      <affects>
+        <package>
+          <name>scponly</name>
+          <range><lt>4.2</lt></range>
+        </package>
+      </affects>
+      <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+        <p>Max Vozeler reports:</p>
+        <blockquote cite="https://lists.ccs.neu.edu/pipermail/scponly/2005-December/001027.html">;
+          <p>If ALL the following conditions are true, administrators using
+            scponly-4.1 or older may be at risk of a local privilege
+            escalation exploit:</p>
+          <ul>
+            <li>the chrooted setuid scponlyc binary is installed</li>
+            <li>regular non-scponly users have interactive shell access
+              to the box</li>
+            <li>a user executable dynamically linked setuid binary
+              (such as ping) exists on the same file system mount
+              as the user's home directory</li>
+            <li>the operating system supports an LD_PRELOAD style
+              mechanism to overload dynamic library loading</li>
+          </ul>
+        </blockquote>
+        <p>Pekka Pessi also reports:</p>
+        <blockquote cite="https://lists.ccs.neu.edu/pipermail/scponly/2005-December/001027.html">;
+          <p>If ANY the following conditions are true, administrators
+            using scponly-4.1 or older may be at risk of a local privilege
+            escalation exploit:</p>
+          <ul>
+            <li>scp compatibility is enabled</li>
+            <li>rsync compatibility is enabled</li>
+          </ul>
+        </blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://lists.ccs.neu.edu/pipermail/scponly/2005-December/001027.html</url>;
+      <url>http://sublimation.org/scponly/#relnotes</url>;
+    </references>
+    <dates>
+      <discovery>2005-12-21</discovery>
+      <entry>2005-12-22</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="f7eb0b23-7099-11da-a15c-0060084a00e5">
     <topic>fetchmail -- null pointer dereference in multidrop mode with
       headerless email</topic>
>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051223.002914.41650968.rushani>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation