Ubuntu
sing package

[CVE-2007-6211] sing in debian is vulnerable

Bug #173948 reported by Stephan Rügamer on 2007-12-04

256

	Status	Importance	Assigned to
sing (Debian)	Fix Released	Unknown	debbugs #454167
sing (Ubuntu)	Fix Released	Undecided	William Grant
Dapper	Fix Released	Undecided	Stephan Rügamer
Edgy	Fix Released	Undecided	Stephan Rügamer
Feisty	Fix Released	Undecided	Stephan Rügamer
Gutsy	Fix Released	Undecided	Stephan Rügamer
Hardy	Fix Released	Undecided	William Grant

Bug Description

Binary package hint: sing

Dear Colleagues,

Send Nasty ICMP Garbage (sing) on Debian GNU/Linux allows local users
to append to arbitrary files and gain privileges via the -L (output
log file) option.

The very same version we have in Ubuntu.

Related branches

lp:ubuntu/dapper-security/sing

lp:ubuntu/edgy-security/sing

lp:ubuntu/feisty-security/sing

lp:ubuntu/gutsy-updates/sing

CVE References

2007-6211

Stephan Rügamer (sruegamer) on 2007-12-04

Changed in sing:
assignee:	nobody → shermann
status:	New → In Progress

Revision history for this message

Stephan Rügamer (sruegamer) wrote on 2007-12-04:

gutsy debdiff to fix this issue Edit (2.2 KiB, text/plain)

Revision history for this message

Stephan Rügamer (sruegamer) wrote on 2007-12-04:

feisty debdiff to fix this issue Edit (2.2 KiB, text/plain)

Revision history for this message

Stephan Rügamer (sruegamer) wrote on 2007-12-04:

edgy debdiff to fix this issue Edit (1.7 KiB, text/plain)

Revision history for this message

Stephan Rügamer (sruegamer) wrote on 2007-12-04:

dapper debdiff to fix this issue Edit (1.7 KiB, text/plain)

William Grant (wgrant) on 2007-12-05

Changed in sing:
assignee:	shermann → fujitsu
assignee:	nobody → shermann
status:	New → In Progress
assignee:	nobody → shermann
status:	New → In Progress
assignee:	nobody → shermann
status:	New → In Progress
assignee:	nobody → shermann
status:	New → In Progress

Revision history for this message

William Grant (wgrant) wrote on 2007-12-05:

sing (1.1-15ubuntu1) hardy; urgency=low

  * SECURITY UPDATE: Privilege escalation via file appending. (LP: #173948)
  * parser.c: Change UID to that of the running user before opening files.
    Patch from Debian.
  * References
    CVE-2007-6211

-- William Grant <email address hidden> Wed, 05 Dec 2007 18:38:37 +1100

Changed in sing:
status:	In Progress → Fix Released

Bug Watch Updater (bug-watch-updater) on 2007-12-05

Changed in sing:
status:	Unknown → Fix Released

Revision history for this message

Kees Cook (kees) wrote on 2008-01-28:

Thanks for the updates! This is building now and should publish shortly.

Changed in sing:
status:	In Progress → Fix Committed
status:	In Progress → Fix Committed
status:	In Progress → Fix Committed
status:	In Progress → Fix Committed

Kees Cook (kees) on 2008-01-29

Changed in sing:
status:	Fix Committed → Fix Released
status:	Fix Committed → Fix Released
status:	Fix Committed → Fix Released
status:	Fix Committed → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

Add patch

Remote bug watches

debbugs #454167
[done critical patch security] Edit

Bug watches keep track of this bug in other bug trackers.

Ubuntusing package

[CVE-2007-6211] sing in debian is vulnerable

Bug Description

Related branches

CVE References

Other bug subscribers

Patches

Remote bug watches

Ubuntu
sing package