rpms/util-linux-ng/devel util-linux-ng-2.13-login-audit.patch, NONE, 1.1 util-linux-ng.spec, 1.23, 1.24
Karel Zak (kzak)
fedora-extras-commits at redhat.com
Tue Apr 22 19:35:43 UTC 2008
Author: kzak
Update of /cvs/pkgs/rpms/util-linux-ng/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv20857
Modified Files:
util-linux-ng.spec
Added Files:
util-linux-ng-2.13-login-audit.patch
Log Message:
* Tue Apr 22 2008 Karel Zak <kzak at redhat.com> 2.13.1-9
- fix audit log injection attack via login
util-linux-ng-2.13-login-audit.patch:
--- NEW FILE util-linux-ng-2.13-login-audit.patch ---
>From 8ccf0b253ac0f4f58d64bc9674de18bff5a88782 Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb at redhat.com>
Date: Sat, 19 Apr 2008 11:49:02 -0400
Subject: [PATCH] login: audit log injection attack via login
A while back I found a couple audit log injection attacks which became
CVE-2007-3102. I forgot to look at login to see if its vulnerable and Mirek
found that it is. To verify the problem, type:
root addr=xyz.com
for the account name while logging in. It will look like root logged in with
an address of xyz.com.
Signed-off-by: Steve Grubb <sgrubb at redhat.com>
---
login-utils/login.c | 10 +++-------
1 files changed, 3 insertions(+), 7 deletions(-)
diff --git a/login-utils/login.c b/login-utils/login.c
index aad2779..2301213 100644
--- a/login-utils/login.c
+++ b/login-utils/login.c
@@ -324,7 +324,6 @@ static void
logaudit(const char *tty, const char *username, const char *hostname,
struct passwd *pwd, int status)
{
- char buf[64];
int audit_fd;
audit_fd = audit_open();
@@ -332,13 +331,10 @@ logaudit(const char *tty, const char *username, const char *hostname,
return;
if (!pwd && username)
pwd = getpwnam(username);
- if (pwd)
- snprintf(buf, sizeof(buf), "uid=%d", pwd->pw_uid);
- else
- snprintf(buf, sizeof(buf), "acct=%s", username ? username : "(unknown)");
- audit_log_user_message(audit_fd, AUDIT_USER_LOGIN,
- buf, hostname, NULL, tty, status);
+ audit_log_acct_message(audit_fd, AUDIT_USER_LOGIN,
+ NULL, "login", username ? username : "(unknown)",
+ pwd ? pwd->pw_uid : -1, hostname, NULL, tty, status);
close(audit_fd);
}
--
1.5.4.1
Index: util-linux-ng.spec
===================================================================
RCS file: /cvs/pkgs/rpms/util-linux-ng/devel/util-linux-ng.spec,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -r1.23 -r1.24
--- util-linux-ng.spec 16 Apr 2008 23:01:27 -0000 1.23
+++ util-linux-ng.spec 22 Apr 2008 19:35:02 -0000 1.24
@@ -2,7 +2,7 @@
Summary: A collection of basic system utilities
Name: util-linux-ng
Version: 2.13.1
-Release: 8%{?dist}
+Release: 9%{?dist}
License: GPLv2 and GPLv2+ and BSD with advertising and Public Domain
Group: System Environment/Base
URL: ftp://ftp.kernel.org/pub/linux/utils/util-linux-ng
@@ -106,6 +106,8 @@
Patch12: util-linux-ng-2.13-blockdev-rmpart.patch
# 439984 - backport mkswap -U
Patch13: util-linux-ng-2.13-mkswap-uuid.patch
+# CVE-2007-3102
+Patch14: util-linux-ng-2.13-login-audit.patch
%description
The util-linux-ng package contains a large variety of low-level system
@@ -131,6 +133,7 @@
%patch11 -p1
%patch12 -p1
%patch13 -p1
+%patch14 -p1
%build
unset LINGUAS || :
@@ -524,6 +527,9 @@
/sbin/losetup
%changelog
+* Tue Apr 22 2008 Karel Zak <kzak at redhat.com> 2.13.1-9
+- fix audit log injection attack via login
+
* Thu Apr 17 2008 Karel Zak <kzak at redhat.com> 2.13.1-8
- fix location of the command raw(8)
More information about the fedora-extras-commits
mailing list