OpenDcHub 0.8.1 Remote Code Execution Exploit

Bug #576507 reported by Manny Vindiola
This bug affects 1 person
Affects             Status   Importance  Assigned to     Milestone
opendchub (Ubuntu)  Invalid  Medium      Unassigned
Lucid               Invalid  Medium      Manny Vindiola

Bug Description

Binary package hint: opendchub

This was reported to full-disclosure:
http://www.indahax.com/exploits/opendchub-0-8-1-remote-code-execution-exploit#more-600

The exploit does not give a shell in the lucid version (0.8.0), but it will cause the daemon to crash:

$ gdb -q
(gdb) att 8503
Attaching to process 8503
Reading symbols from /usr/bin/opendchub...(no debugging symbols found)...done.
Reading symbols from /usr/lib/libperl.so.5.10...(no debugging symbols found)...done.
Loaded symbols for /usr/lib/libperl.so.5.10
Reading symbols from /lib/libdl.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libm.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib/libm.so.6
Reading symbols from /lib/libpthread.so.0...(no debugging symbols found)...done.
[Thread debugging using libthread_db enabled]
Loaded symbols for /lib/libpthread.so.0
Reading symbols from /lib/libc.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/libcrypt.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/libcrypt.so.1
Reading symbols from /lib/libcap.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/libcap.so.2
Reading symbols from /lib/libnsl.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2
Reading symbols from /lib/libattr.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib/libattr.so.1
Reading symbols from /lib/libnss_compat.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/libnss_compat.so.2
Reading symbols from /lib/libnss_nis.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/libnss_nis.so.2
Reading symbols from /lib/libnss_files.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib/libnss_files.so.2
0x00007ff5e1825f18 in poll () from /lib/libc.so.6
(gdb) c
Continuing.

Program received signal SIGPIPE, Broken pipe.
0x00007ff5e18244c0 in write () from /lib/libc.so.6
(gdb) c
Continuing.

Program received signal SIGABRT, Aborted.
0x00007ff5e177fa75 in raise () from /lib/libc.so.6
(gdb) c
Continuing.

Program terminated with signal SIGABRT, Aborted.
The program no longer exists.

I have applied a patch from upstream which solves the problem.

Package builds, installs and runs cleanly in lucid chroot.

Manny Vindiola (serialorder) wrote :
David Futcher (bobbo) wrote :

Confirming due to CVE, setting importance to Medium.

Changed in opendchub (Ubuntu):
importance: Undecided → Medium
status: New → Confirmed
Artur Rona (ari-tczew) wrote :

Fixed in upstream 0.8.1, maverick has got 0.8.2. Setting as fixed.

Changed in opendchub (Ubuntu):
status: Confirmed → Fix Released
Artur Rona (ari-tczew) wrote :

Manny, thanks for your contribution to Ubuntu. However, your patch needs to be improved following these instructions: https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation

If you are not interested in fixing the debdiff, I could prepare a correct patch, but I need a tester.

I look forward to hearing your answer.

Regards

Changed in opendchub (Ubuntu Lucid):
status: New → Triaged
Changed in opendchub (Ubuntu Lucid):
assignee: nobody → Manny Vindiola (serialorder)
importance: Undecided → Medium
status: Triaged → Incomplete
tags: added: patch-needswork
Jamie Strandboge (jdstrand) wrote :

We are closing this bug report because it lacks the information we need to investigate the problem, as described in the previous comments. Please reopen it if you can give us the missing information, and don't hesitate to submit bug reports in the future. To reopen the bug report you can click on the current status, under the Status column, and change the Status back to 'New'. Thanks again!

Changed in opendchub (Ubuntu):
status: Fix Released → Invalid
Changed in opendchub (Ubuntu Lucid):
status: Incomplete → Invalid