[Secure-testing-commits] r1698 - in data/DTSA: . advs
Moritz Muehlenhoff
jmm-guest at costa.debian.org
Sun Aug 28 17:41:34 UTC 2005
Author: jmm-guest
Date: 2005-08-28 17:41:34 +0000 (Sun, 28 Aug 2005)
New Revision: 1698
Added:
data/DTSA/advs/
data/DTSA/advs/0-hotzenplotz.adv
data/DTSA/advs/1-kismet.adv
data/DTSA/dtsa
Log:
dtsa adapted to new DTSA templates
Ported over data from kismet DTSA to the new format
Added: data/DTSA/advs/0-hotzenplotz.adv
===================================================================
--- data/DTSA/advs/0-hotzenplotz.adv 2005-08-28 17:33:31 UTC (rev 1697)
+++ data/DTSA/advs/0-hotzenplotz.adv 2005-08-28 17:41:34 UTC (rev 1698)
@@ -0,0 +1,15 @@
+dtsa: DTSA-0-1
+source: hotzenplotz
+date: 2005-11-12
+author: Wachtmeister Dimpfelmoser
+vuln-type: buffer overflows
+problem-scope: remote
+debian-specifc:
+cve: CAN-1978-0019
+vendor-advisory: http://www.hotzenplotz.org/sec/buffer-overflow.html
+testing-fix: 3.14-1ts1
+sid-fix: 3.14-2
+
+User authentication in hotzenplotz does not verify the user name properly.
+A buffer overflow can be exploited to execute arbitrary code with elevated
+privileges.
Added: data/DTSA/advs/1-kismet.adv
===================================================================
--- data/DTSA/advs/1-kismet.adv 2005-08-28 17:33:31 UTC (rev 1697)
+++ data/DTSA/advs/1-kismet.adv 2005-08-28 17:41:34 UTC (rev 1698)
@@ -0,0 +1,23 @@
+dtsa: DTSA-1-1
+source: kismet
+date: August 26th, 2005
+author: Joey Hess
+vuln-type: various
+problem-scope: remote
+debian-specific: no
+cve: CAN-2005-2626 CAN-2005-2627
+testing-fix: 2005.08.R1-0.1etch1
+sid-fix: 2005.08.R1-1
+
+Multiple security holes have been discovered in kismet:
+
+ CAN-2005-2627
+
+ Multiple integer underflows in Kismet allow remote attackers to execute
+ arbitrary code via (1) kernel headers in a pcap file or (2) data frame
+ dissection, which leads to heap-based buffer overflows.
+
+ CAN-2005-2626
+
+ Unspecified vulnerability in Kismet allows remote attackers to have an
+ unknown impact via unprintable characters in the SSID.
Added: data/DTSA/dtsa
===================================================================
--- data/DTSA/dtsa 2005-08-28 17:33:31 UTC (rev 1697)
+++ data/DTSA/dtsa 2005-08-28 17:41:34 UTC (rev 1698)
@@ -0,0 +1,204 @@
+#!/usr/bin/python
+
+import sys, getopt, os, glob
+
+# TODO:
+# Create the web overview
+# Add code for updating a DTSA
+# Include SHA-1 checksums in advisories
+
+# Note: This has to be run inside secure-testing/data/DTSA/
+
+# Prerequisites:
+# subdirectories advs/plain-text and advs/html
+# mailx package installed
+
+announce_mail_address = "secure-testing-announce at lists.alioth.debian.org"
+
+def print_usage():
+ print "dtsa [-a | -u] dtsa-id major number"
+ print " -a Announce a DTSA"
+ print " -u Update an existing DTSA from a template"
+ sys.exit(-1)
+
+
+def publish_dtsa(id):
+ filename=glob.glob("advs/" + id + "-*.adv")
+
+ src = ""
+ date = ""
+ vuln_type = ""
+ cve = ""
+ testing_fix = ""
+ sid_fix = ""
+ vendor_advisory = ""
+ d = False
+ descr = []
+ author = ""
+ scope = ""
+ debian_specific = False
+
+ dtsa_id = "DTSA-" + id + "-1"
+
+ t_f = open(filename[0], "r")
+ t_l = t_f.readlines()
+
+ for i in t_l:
+ if i.startswith("source:"):
+ src = i[7:].strip()
+ elif i.startswith("date:"):
+ date = i[5:].strip()
+ elif i.startswith("author:"):
+ author = i[7:].strip()
+ elif i.startswith("vendor-advisory:"):
+ vendor_advisory = i[16:].strip()
+ elif i.startswith("vuln-type:"):
+ vuln_type = i[10:].strip()
+ elif i.startswith("problem-scope:"):
+ scope = i[14:].strip()
+ elif i.startswith("debian-specific:"):
+ if i[16:].strip() == "yes":
+ debian_specific = True
+ elif i.startswith("cve:"):
+ cve = i[4:].strip().split(" ")
+ elif i.startswith("testing-fix:"):
+ testing_fix = i[12:].strip()
+ elif i.startswith("sid-fix:"):
+ sid_fix = i[8:].strip()
+ elif d:
+ descr.append(i.strip())
+ elif i == "\n" and d == False:
+ d = True
+
+ if len(cve) == 0:
+ print "No CVE assignments seem to have been made for this issue"
+
+ print "There's currently not yet support for an HTML representation, but it will"
+ print "be added soon."
+ print
+
+ export_ascii(src, date, vuln_type, cve, testing_fix, sid_fix, descr, vendor_advisory, dtsa_id, 1, author, scope, debian_specific)
+
+ print "A textual representation has been generated as", dtsa_id
+ print "You can publish it with the sndadvisory script"
+ print
+
+ construct_dtsa_list(date, dtsa_id, src, vuln_type, testing_fix)
+
+ print "Added new DTSA to the list of DTSAs"
+ print
+
+# This adds a published DTSA to the list, so that it can be cross-referenced with DSAs and CVE IDs
+def construct_dtsa_list(date, dtsa_id, src, vuln_type, testing_fix):
+ l_f = open(os.getcwd() + "/list", "a")
+ # What do we need the date for?
+ l_f.write("[01 Jan 1969] " + dtsa_id + " " + src + " - " + vuln_type + "\n")
+ l_f.write("\t- " + src + " " + testing_fix + "\n")
+ l_f.close()
+
+def export_html(src, data, vuln_type, cve, testing_fix, sid_fix, descr, vendor_advisory, id, rev):
+ pass
+
+
+def export_ascii(src, date, vuln_type, cve, testing_fix, sid_fix, descr, vendor_advisory, id, rev, author, scope, debian_specific):
+ ascii = open(os.getcwd() + "/" + id, "w")
+
+ # FIXME, correct indents
+ ascii.write("------------------------------------------------------------------------------\n")
+ ascii.write("Debian Testing Security Advisory "+ id + " http://secure-testing.debian.net\n")
+ ascii.write("secure-testing-team at lists.alioth.debian.org " + author + "\n")
+ ascii.write(date + "\n")
+ ascii.write("------------------------------------------------------------------------------\n")
+ ascii.write("\n")
+ ascii.write("Package : " + src + "\n")
+ ascii.write("Vulnerability : " + vuln_type + "\n")
+ ascii.write("Problem-Scope : " + scope + "\n")
+ ascii.write("Debian-specific: " + yn(debian_specific) + "\n")
+# if len(vendor_advisory) > 0:
+# ascii.write("Vendor advisory: " + vendor_advisory + "\n")
+# else:
+# ascii.write("Vendor advisory: Not available\n")
+ cves = "CVE ID : "
+ if len(cve) > 0:
+ for i in cve:
+ cves += i
+ cves += " "
+ ascii.write(cves + "\n")
+ else:
+ ascii.write(cves + "None so far\n")
+ ascii.write("\n")
+ for i in descr:
+ ascii.write(i + "\n")
+ ascii.write("\n")
+
+ ascii.write("For the testing distribution (etch) this is fixed in version\n")
+ ascii.write(testing_fix + "\n")
+ ascii.write("\n")
+
+ if len(sid_fix) > 0:
+ ascii.write("For the unstable distribution (sid) this is fixed in version\n")
+ ascii.write(sid_fix + "\n")
+ else:
+ ascii.write("For the unstable distribution this problem will be fixed soon\n")
+ ascii.write("\n")
+
+ ascii.write("This upgrade is recommended if you use " + src + "\n")
+ ascii.write("\n")
+
+ ascii.write("The Debian testing security team does not track security issues for then\n")
+ ascii.write("stable (sarge) and oldstable (woody) distributions. If stable is vulnerable,\n")
+ ascii.write("the Debian security team will make an announcement once a fix is ready.\n")
+ ascii.write("\n")
+
+ ascii.write("Upgrade Instructions\n")
+ ascii.write("--------------------\n")
+ ascii.write("\n")
+
+ ascii.write("To use the Debian testing security archive, add the following lines to\n")
+ ascii.write("your /etc/apt/sources.list:\n")
+ ascii.write("\n")
+ ascii.write("deb http://secure-testing.debian.net/debian-security-updates etch-proposed-updates/security-updates main contrib non-free\n")
+ ascii.write("deb-src http://secure-testing.debian.net/debian-security-updates etch-proposed-updates/security-updates main contrib non-free\n")
+ ascii.write("\n")
+ ascii.write("The archive signing key can be downloaded from\n")
+ ascii.write("http://secure-testing.debian.net/ziyi-2005-7.asc\n")
+ ascii.write("\n")
+
+ ascii.write("To install the update, run this command as root:\n")
+ ascii.write("\n")
+
+ ascii.write("apt-get update && apt-get install "+ src + "FIXME, I'm broken \n")
+ ascii.write("\n")
+
+ ascii.write("For further information about the Debian testing security team, please refer\n")
+ ascii.write("to http://secure-testing.debian.net/\n")
+
+ # FIXME, use python-crypto for inclusion of SHA-1 checksums
+
+ print "ASCII representation has been exported"
+
+def yn(v):
+ if v:
+ return "Yes"
+ else:
+ return "No"
+
+
+def update_dtsa():
+ pass
+
+opts, pargs = getopt.getopt(sys.argv[1:], "ua")
+
+# FIXME, better cmdline error handling
+
+if len(opts) < 1:
+ print_usage()
+
+if len(opts) != 1:
+ print_usage()
+
+if opts[0][0] == "-u":
+ update_dtsa()
+
+if opts[0][0] == "-a":
+ publish_dtsa(pargs[0].strip())
Property changes on: data/DTSA/dtsa
___________________________________________________________________
Name: svn:executable
+ *
More information about the Secure-testing-commits
mailing list