Linux Security

    Debian: New diatheke packages fix arbitrary shell command execution

    Date 25 Feb 2008
    Posted By LinuxSecurity Advisories
    Dan Dennison discovered that Diatheke, a CGI program to make a bible website, performs insufficient sanitising of a parameter, allowing a remote attacker to execute arbitrary shell commands as the web server user.
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1508-1
    https://www.debian.org/security/                          Thijs Kinkhorst
    February 25, 2008                     https://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : diatheke
    Vulnerability  : insufficient input sanitising
    Problem type   : remote
    Debian-specific: no
    CVE Id         : CVE-2008-0932
    Debian Bug     : 466449
    
    Dan Dennison discovered that Diatheke, a CGI program to make a bible
    website, performs insufficient sanitising of a parameter, allowing a
    remote attacker to execute arbitrary shell commands as the web server
    user.
    
    For the stable distribution (etch), this problem has been fixed in version
    1.5.9-2etch1.
    
    For the old stable distribution (sarge), this problem has been fixed in
    version 1.5.7-7sarge1.
    
    For the unstable distribution (sid), this problem has been fixed in version
    1.5.9-8.
    
    We recommend that you upgrade your diatheke package.
    
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
    
    
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb https://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main