Linux Security
Linux Security
Linux Security

Debian: New diatheke packages fix arbirary shell command execution

Date 25 Feb 2008
3867
Posted By LinuxSecurity Advisories
Dan Dennison discovered that Diatheke, a CGI program to make a bible website, performs insufficient sanitising of a parameter, allowing a remote attacker to execute arbitrary shell commands as the web server user.
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1508-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.
https://www.debian.org/security/                          Thijs Kinkhorst
February 25, 2008                     https://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : diatheke
Vulnerability  : insufficient input sanitising
Problem type   : remote
Debian-specific: no
CVE Id         : CVE-2008-0932
Debian Bug     : 466449

Dan Dennison discovered that Diatheke, a CGI program to make a bible
website, performs insufficient sanitising of a parameter, allowing a
remote attacker to execute arbitrary shell commands as the web server
user.

For the stable distribution (etch), this problem has been fixed in version
1.5.9-2etch1.

For the old stable distribution (sarge), this problem has been fixed in
version 1.5.7-7sarge1.

For the unstable distribution (sid), this problem has been fixed in version
1.5.9-8.

We recommend that you upgrade your diatheke package.


Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

Source archives:

  https://security.debian.org/pool/updates/main/s/sword/sword_1.5.7-7sarge1.dsc
    Size/MD5 checksum:      938 4f7872250c457ac36f0b20b4be235647
  https://security.debian.org/pool/updates/main/s/sword/sword_1.5.7-7sarge1.diff.gz
    Size/MD5 checksum:   277640 f8993cddacdac25ca55b7e99ced8ff49
  https://security.debian.org/pool/updates/main/s/sword/sword_1.5.7.orig.tar.gz
    Size/MD5 checksum:  1482711 369f09068839c646aeab691c63a40d67

alpha architecture (DEC Alpha)

  https://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.7-7sarge1_alpha.deb
    Size/MD5 checksum:   861694 ca88e3e550ae01cd8e3ad1a6d6471814
  https://security.debian.org/pool/updates/main/s/sword/libsword4_1.5.7-7sarge1_alpha.deb
    Size/MD5 checksum:   419320 35838e66e76e99777524aa81741025c8
  https://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.7-7sarge1_alpha.deb
    Size/MD5 checksum:    61684 b97611c37f53b39941573e6c76609c40

amd64 architecture (AMD x86_64 (AMD64))

  https://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.7-7sarge1_amd64.deb
    Size/MD5 checksum:   602656 c4b37895a49dce481ea3c6a8817123c2
  https://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.7-7sarge1_amd64.deb
    Size/MD5 checksum:    56944 ad12da845e900e3a28c70b9b2baa6d70
  https://security.debian.org/pool/updates/main/s/sword/libsword4_1.5.7-7sarge1_amd64.deb
    Size/MD5 checksum:   383486 614d4988fd26ccc58dbe1029aacb7930

arm architecture (ARM)

  https://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.7-7sarge1_arm.deb
    Size/MD5 checksum:    60386 3400611bc0cba8ea77e4bfbeaa659ac6
  https://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.7-7sarge1_arm.deb
    Size/MD5 checksum:   664170 d0d17f06931f3e6076aed502e8128d5c
  https://security.debian.org/pool/updates/main/s/sword/libsword4_1.5.7-7sarge1_arm.deb
    Size/MD5 checksum:   423264 9951b8913a4c6b18b357aead48e53f6c

hppa architecture (HP PA RISC)

  https://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.7-7sarge1_hppa.deb
    Size/MD5 checksum:    62772 676ff7f61ab0ee7629e7fcb59d67cfd5
  https://security.debian.org/pool/updates/main/s/sword/libsword4_1.5.7-7sarge1_hppa.deb
    Size/MD5 checksum:   494764 15e5da49e21a167088aacebf94a12367
  https://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.7-7sarge1_hppa.deb
    Size/MD5 checksum:   750722 44a066596efa0bb63b184635d3d9c985

i386 architecture (Intel ia32)

  https://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.7-7sarge1_i386.deb
    Size/MD5 checksum:   556994 f04d2f9bc41e5703967630adf4e12754
  https://security.debian.org/pool/updates/main/s/sword/libsword4_1.5.7-7sarge1_i386.deb
    Size/MD5 checksum:   388072 4dabb05ea1d6b72ba61e8877cbad1544
  https://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.7-7sarge1_i386.deb
    Size/MD5 checksum:    58108 665ce388ee9a74a0d850007beae3051a

ia64 architecture (Intel ia64)

  https://security.debian.org/pool/updates/main/s/sword/libsword4_1.5.7-7sarge1_ia64.deb
    Size/MD5 checksum:   466340 0a9f1874a5ee1d6617da38d4f7417802
  https://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.7-7sarge1_ia64.deb
    Size/MD5 checksum:    64644 e50afdc379e2ee1cfc63362ca56b6a43
  https://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.7-7sarge1_ia64.deb
    Size/MD5 checksum:   837798 81cf1be5ab2d124e9dd92a1da9c1c15d

m68k architecture (Motorola Mc680x0)

  https://security.debian.org/pool/updates/main/s/sword/libsword4_1.5.7-7sarge1_m68k.deb
    Size/MD5 checksum:   417132 f5e116fb462b5bdf9ef08211d1c6cd52
  https://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.7-7sarge1_m68k.deb
    Size/MD5 checksum:    57980 86d8007e4816fffee69ea16c4827ce06
  https://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.7-7sarge1_m68k.deb
    Size/MD5 checksum:   567256 2d9c3d17625959ab6cc07e4f793ffe1e

mips architecture (MIPS (Big Endian))

  https://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.7-7sarge1_mips.deb
    Size/MD5 checksum:    56452 5d7c6933e70b725863bd0a66c67a55fe
  https://security.debian.org/pool/updates/main/s/sword/libsword4_1.5.7-7sarge1_mips.deb
    Size/MD5 checksum:   386732 9cf45f9a4f2a724ddf59f44722fe65a0
  https://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.7-7sarge1_mips.deb
    Size/MD5 checksum:   646212 b9384991c2c1b2b8e0018b6416d31951

mipsel architecture (MIPS (Little Endian))

  https://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.7-7sarge1_mipsel.deb
    Size/MD5 checksum:    56966 35d2052410564a85968bf742f3f68dbf
  https://security.debian.org/pool/updates/main/s/sword/libsword4_1.5.7-7sarge1_mipsel.deb
    Size/MD5 checksum:   379530 26b3825148616fd2d6dd3cd903a4e977
  https://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.7-7sarge1_mipsel.deb
    Size/MD5 checksum:   638566 46b77e2b772f5541e1796e7da843a247

powerpc architecture (PowerPC)

  https://security.debian.org/pool/updates/main/s/sword/libsword4_1.5.7-7sarge1_powerpc.deb
    Size/MD5 checksum:   391192 0b34febe0ebb14c92682c2dbc76771fa
  https://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.7-7sarge1_powerpc.deb
    Size/MD5 checksum:    58252 19548157c20b44b18caef5d403e14fb7
  https://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.7-7sarge1_powerpc.deb
    Size/MD5 checksum:   604674 be541b1d6bcc5e80316060186be21d10

s390 architecture (IBM S/390)

  https://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.7-7sarge1_s390.deb
    Size/MD5 checksum:    56026 b8120c2d0e5be07ddb300af6a60c1faa
  https://security.debian.org/pool/updates/main/s/sword/libsword4_1.5.7-7sarge1_s390.deb
    Size/MD5 checksum:   370772 ddf6d071ad5aa712420c75a8d2bfb738
  https://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.7-7sarge1_s390.deb
    Size/MD5 checksum:   556410 ee6ddc10bfbe16de2169fdc0520141b0

sparc architecture (Sun SPARC/UltraSPARC)

  https://security.debian.org/pool/updates/main/s/sword/libsword4_1.5.7-7sarge1_sparc.deb
    Size/MD5 checksum:   371800 65781c2553eb412d5fde41764acda7a4
  https://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.7-7sarge1_sparc.deb
    Size/MD5 checksum:   562484 01aab00a96c2a41a993dda30244bcd39
  https://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.7-7sarge1_sparc.deb
    Size/MD5 checksum:    55892 269c7013235b22bb8f729d1be6afdf14

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

  https://security.debian.org/pool/updates/main/s/sword/sword_1.5.9.orig.tar.gz
    Size/MD5 checksum:  1806178 346539f31b41015161d8dd0d2f035243
  https://security.debian.org/pool/updates/main/s/sword/sword_1.5.9-2etch1.diff.gz
    Size/MD5 checksum:    82071 c39c316e9c81e54136eb02f68292c09d
  https://security.debian.org/pool/updates/main/s/sword/sword_1.5.9-2etch1.dsc
    Size/MD5 checksum:     1026 d93f49c3798272c9de84ec6ae5d1cbed

alpha architecture (DEC Alpha)

  https://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.9-2etch1_alpha.deb
    Size/MD5 checksum:    63862 f5bd3d4b2b9f4d25e4e46bd340be6574
  https://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.9-2etch1_alpha.deb
    Size/MD5 checksum:  1083146 9e5c12ac37f74c73de71640dc9123451
  https://security.debian.org/pool/updates/main/s/sword/libsword6_1.5.9-2etch1_alpha.deb
    Size/MD5 checksum:   570134 8f0e4a8a277c52f8792fbaaf3832cad4

amd64 architecture (AMD x86_64 (AMD64))

  https://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.9-2etch1_amd64.deb
    Size/MD5 checksum:    60336 bda3b15108b9219d05c912a163aebe3f
  https://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.9-2etch1_amd64.deb
    Size/MD5 checksum:   753952 b3317e5f636d51d0d3cb67bea6d8ff66
  https://security.debian.org/pool/updates/main/s/sword/libsword6_1.5.9-2etch1_amd64.deb
    Size/MD5 checksum:   522700 c3811d54aaf90d8a1e21f15c5002fd17

arm architecture (ARM)

  https://security.debian.org/pool/updates/main/s/sword/libsword6_1.5.9-2etch1_arm.deb
    Size/MD5 checksum:   573672 8ffba4012e609e2798d350b38ddbd8c7
  https://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.9-2etch1_arm.deb
    Size/MD5 checksum:   766388 55b6d5123ca9b9092032bf9caee98112
  https://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.9-2etch1_arm.deb
    Size/MD5 checksum:    63234 958ca4da6586909d9409b40329f39f45

hppa architecture (HP PA RISC)

  https://security.debian.org/pool/updates/main/s/sword/libsword6_1.5.9-2etch1_hppa.deb
    Size/MD5 checksum:   584080 6f1cc9c15b664ebb74e1cf7e939c4f75
  https://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.9-2etch1_hppa.deb
    Size/MD5 checksum:   845330 71c64fedf3e13c7b539f312eb086c49a
  https://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.9-2etch1_hppa.deb
    Size/MD5 checksum:    61824 2d469a58a247a92c465580385506f9a7

i386 architecture (Intel ia32)

  https://security.debian.org/pool/updates/main/s/sword/libsword6_1.5.9-2etch1_i386.deb
    Size/MD5 checksum:   526314 95b5aaff3ccec4dcd1f77e95f6bf2da0
  https://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.9-2etch1_i386.deb
    Size/MD5 checksum:   701078 e3c8ec3d6dcfcfae0cddbb618353db36
  https://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.9-2etch1_i386.deb
    Size/MD5 checksum:    62206 0a384fecde3e4492fda105eb9d82ce35

ia64 architecture (Intel ia64)

  https://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.9-2etch1_ia64.deb
    Size/MD5 checksum:    67770 c7296f050f8b6aa8b3716407c1e8bd9e
  https://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.9-2etch1_ia64.deb
    Size/MD5 checksum:  1056066 63924aeee34272cb2aa1488ffcb62c49
  https://security.debian.org/pool/updates/main/s/sword/libsword6_1.5.9-2etch1_ia64.deb
    Size/MD5 checksum:   652744 4e403c544c3894965f828fa63336d227

mips architecture (MIPS (Big Endian))

  https://security.debian.org/pool/updates/main/s/sword/libsword6_1.5.9-2etch1_mips.deb
    Size/MD5 checksum:   513104 4235aac60a97d5095faa74fcb6f63673
  https://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.9-2etch1_mips.deb
    Size/MD5 checksum:   808744 5fcc41e803e360838401204ea3d15473
  https://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.9-2etch1_mips.deb
    Size/MD5 checksum:    59746 c1cbe01f3531e635f30bb2b41b362222

mipsel architecture (MIPS (Little Endian))

  https://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.9-2etch1_mipsel.deb
    Size/MD5 checksum:   798964 db9f7c30066e22baadbcb732b6eadbf8
  https://security.debian.org/pool/updates/main/s/sword/libsword6_1.5.9-2etch1_mipsel.deb
    Size/MD5 checksum:   491160 53790c7e146badd8a45bb46bf5908d7e
  https://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.9-2etch1_mipsel.deb
    Size/MD5 checksum:    59656 cbcedf0aa7bed75a0c633367c08b24ea

powerpc architecture (PowerPC)

  https://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.9-2etch1_powerpc.deb
    Size/MD5 checksum:    61128 e66a08fccc0c312e7ae74296dda033ad
  https://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.9-2etch1_powerpc.deb
    Size/MD5 checksum:   777846 579e38653daaddc21914087ad5584b57
  https://security.debian.org/pool/updates/main/s/sword/libsword6_1.5.9-2etch1_powerpc.deb
    Size/MD5 checksum:   535186 2f9311708b7d8ec3121831676086f333

s390 architecture (IBM S/390)

  https://security.debian.org/pool/updates/main/s/sword/libsword6_1.5.9-2etch1_s390.deb
    Size/MD5 checksum:   495200 fc79f7ccbeabbd6e7522918f1b749c75
  https://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.9-2etch1_s390.deb
    Size/MD5 checksum:   684810 776d22f572895a62b0a569321a9cbb8d
  https://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.9-2etch1_s390.deb
    Size/MD5 checksum:    58638 0c496a1f4ab88f02fd737a30a61939a3

sparc architecture (Sun SPARC/UltraSPARC)

  https://security.debian.org/pool/updates/main/s/sword/libsword-dev_1.5.9-2etch1_sparc.deb
    Size/MD5 checksum:   689496 0d06108dda2563af38065bc454d1e9ac
  https://security.debian.org/pool/updates/main/s/sword/diatheke_1.5.9-2etch1_sparc.deb
    Size/MD5 checksum:    59264 71c327d607c82faaacbc5a8fe498e8da
  https://security.debian.org/pool/updates/main/s/sword/libsword6_1.5.9-2etch1_sparc.deb
    Size/MD5 checksum:   548874 6c18df8573010673e5a3855ec326604b


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb https://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.

LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
/main-polls/52-how-frequently-do-you-patch-update-your-system?task=poll.vote&format=json
52
radio
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"52","type":"x","order":"1","pct":77.61,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"9","type":"x","order":"2","pct":13.43,"resources":[]},{"id":"181","title":"Hardly ever","votes":"6","type":"x","order":"3","pct":8.96,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.

VOTE ON THE POLL PAGE


VIEW MORE POLLS

bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.