Bug#522123: Regarding destar vulnerabilities

Alejandro Rios P. alerios at debian.org
Wed Apr 1 23:56:04 UTC 2009 

Hello.

The first vulnerability (CVE-2008-6538) is not present in the debian packages, since the packages include a default 'Configurator' user and instructions on how to change it on README.Debian, and the exploit requires prior knowledge of an administrator IP address that has choosed to use auto-login (disabled by default in debian).

The second vulnerability (CVE-2008-6539), is a privilege scalation issue that is present in all debian versions available at the moment and here is a patch for oldstable that can be used while a new package is released:

---------------

diff -urN debian-bug-522123/page_user_settings.ptl /usr/share/destar/python/page_user_settings.ptl
--- debian-bug-522123/page_user_settings.ptl	2009-04-01 18:43:20.000000000 -0500
+++ /usr/share/destar/python/page_user_settings.ptl	2009-04-01 18:43:32.000000000 -0500
@@ -60,10 +60,10 @@
 	form.add(StringWidget,       "cfto", cfto, title=_("Forward call when timeout/unavailable to"))
 	form.add(IntWidget,          "dsec", dsec,         title=_("Seconds of incoming ring time"), maxlength=3, size=3)
 #	form.add(CheckboxWidget,     "vm",   vm,           title=_("Use voice mailbox"))
-	form.add(StringWidget,       "pin", phone.pin, title=_("Voicemail pin"), len=10)
+	form.add(StringWidget,       "pin", phone.pin, title=_("Voicemail pin"), maxlength=10)
 	try:
 		if phone.secret:
-			form.add(StringWidget,  "secret", phone.secret, title=_("Extension Password"), len=10)
+			form.add(StringWidget,  "secret", phone.secret, title=_("Extension Password"), maxlength=10)
 	except AttributeError:
 		pass
 	form.add(SubmitWidget, '_submit', _("Submit"), render_br=False)
@@ -79,11 +79,15 @@
 	manager.setVar('CFBS/%s' % phone.pbx, phone.ext, form['cfbs'] or '')
 	manager.setVar('CFTO/%s' % phone.pbx, phone.ext, form['cfto'] or '')
 
-	if form["pin"]:
+	if form["pin"] and not form["pin"].__contains__("Cfg"):
 		phone.pin = form["pin"]
+	else:
+		return form.render()
 	try:
-		if form["secret"]:
+		if form["secret"] and not form["secret"].__contains__("Cfg"):
 			phone.secret = form["secret"]
+		else:
+			return form.render()
 	except KeyError:	
 		pass
 	backend.updateConfiglet(phone)



---------------


-- 
Alejandro Rios Peña

More information about the Pkg-voip-maintainers mailing list