Bug 13996 - ppp new security issue CVE-2014-3158
Summary: ppp new security issue CVE-2014-3158
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 4
Hardware: i586 Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/609506/
Whiteboard: MGA3TOO has_procedure advisory mga3-3...
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2014-08-27 20:49 CEST by David Walser
Modified: 2014-09-05 11:08 CEST (History)
1 user (show)

See Also:
Source RPM: ppp-2.4.5-17.mga4.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2014-08-27 20:49:28 CEST 
Fedora has issued an advisory on August 15:
https://lists.fedoraproject.org/pipermail/package-announce/2014-August/136932.html

The issue is fixed upstream in 2.4.7.

Fedora also has a patch to fix the issue.

Updated package uploaded for Cauldron.

Patched packages uploaded for Mageia 3 and Mageia 4.

Advisory:
========================

Updated ppp packages fix security vulnerability:

A vulnerability in ppp before 2.4.7 may enable an unprivileged attacker to
access privileged options (CVE-2014-3158).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3158
https://lists.fedoraproject.org/pipermail/package-announce/2014-August/136932.html
========================
Updated packages in core/updates_testing:
========================
ppp-2.4.5-15.3.mga3
ppp-devel-2.4.5-15.3.mga3
ppp-pppoatm-2.4.5-15.3.mga3
ppp-pppoe-2.4.5-15.3.mga3
ppp-radius-2.4.5-15.3.mga3
ppp-dhcp-2.4.5-15.3.mga3
ppp-2.4.5-17.1.mga4
ppp-devel-2.4.5-17.1.mga4
ppp-pppoatm-2.4.5-17.1.mga4
ppp-pppoe-2.4.5-17.1.mga4
ppp-radius-2.4.5-17.1.mga4
ppp-dhcp-2.4.5-17.1.mga4

from SRPMS:
ppp-2.4.5-15.3.mga3.src.rpm
ppp-2.4.5-17.1.mga4.src.rpm

Reproducible: 

Steps to Reproduce:
David Walser 2014-08-27 20:49:35 CEST

Whiteboard: (none) => MGA3TOO

Comment 1 claire robinson 2014-08-31 09:21:37 CEST 
Testing complete mga3 32

Difficult to test thoroughly without a modem connection. Using kppp just to show it in use. It doesn't use it very much though even then, but doesn't give any error.

$ strace -o strace.txt kppp
$ grep -v kppp strace.txt | grep ppp
access("/sbin/pppd", F_OK)              = 0
read(10, "pppd version 2.4.5\n", 4096)  = 19
stat64("/sbin/pppd", {st_mode=S_IFREG|S_ISUID|S_ISVTX|0755, st_size=330236, ...}) = 0

$ urpmf /sbin/pppd
ppp:/usr/sbin/pppd

Whiteboard: MGA3TOO => MGA3TOO has_procedure mga3-32-ok

Comment 2 claire robinson 2014-09-01 17:12:54 CEST 
Testing complete mga4 64 the same as comment 1

Whiteboard: MGA3TOO has_procedure mga3-32-ok => MGA3TOO has_procedure mga3-32-ok mga4-64-ok

Comment 3 claire robinson 2014-09-01 17:20:45 CEST 
Testing complete mga3 64

Whiteboard: MGA3TOO has_procedure mga3-32-ok mga4-64-ok => MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-64-ok

Comment 4 claire robinson 2014-09-01 17:29:21 CEST 
Testing complete mga4 32

Whiteboard: MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-64-ok => MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-32-ok mga4-64-ok

Comment 5 claire robinson 2014-09-01 17:35:39 CEST 
Validating. Advisory from comment 0 uploaded.

Could sysadmin please push to 3 & 4 updates

Thanks

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

claire robinson 2014-09-02 18:28:35 CEST

Whiteboard: MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-32-ok mga4-64-ok => MGA3TOO has_procedure advisory mga3-32-ok mga3-64-ok mga4-32-ok mga4-64-ok

Comment 6 Mageia Robot 2014-09-05 11:08:37 CEST 
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2014-0368.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED
Note You need to log in before you can comment on or make changes to this bug.