Fedora has issued an advisory on October 22: http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069675.html

Patched package uploaded for Mageia 1.

Advisory:
========================

Updated hardlink package fixes security vulnerabilities:

Multiple stack-based buffer overflow flaws were found in the way hardlink, the tool for consolidation of duplicate files via hardlinks, processed directory trees with deeply nested directories. A remote attacker could provide a specially-crafted directory tree and trick the local user into consolidating it, leading to a hardlink executable crash or, potentially, arbitrary code execution with the privileges of the user running the hardlink executable. Because of the compiler options used to build this in Mageia, exploiting this would only cause a crash (CVE-2011-3630).

Multiple integer overflows, leading to heap-based buffer overflows, were found in the way hardlink, the tool for consolidation of duplicate files via hardlinks, performed string length concatenation in the calculation of the required memory space to be used. A remote attacker could provide a specially-crafted directory tree (with long directory and/or file names) and trick the local user into consolidating it, leading to a hardlink executable crash or, potentially, arbitrary code execution with the privileges of the user running the hardlink executable (CVE-2011-3631).

It was reported that hardlink, the tool for consolidation of duplicate files via hardlinks, operated on full file system object path names. A local attacker could use this flaw to conduct symlink attacks (cause the hardlink executable to operate on directories/files outside of the intended directory tree) (CVE-2011-3632).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3630
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3631
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3632
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069675.html
========================

Updated packages in core/updates_testing:
========================
hardlink-1.0-11.1.mga1

from hardlink-1.0-11.1.mga1.src.rpm
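The second flaw in the advisory (CVE-2011-3631) is the classic "add up string lengths to size a buffer" mistake: if the addition wraps, the allocation is too small and the copy overruns the heap. The first (CVE-2011-3630) is unbounded recursion on deep trees. The C below is an added illustration of the defensive pattern for both, written for this page; it is not hardlink's code and does not reproduce the upstream fix. `required_path_size`, `safe_join_path`, `depth_ok` and `MAX_DEPTH` are names chosen here, and the depth bound is an arbitrary constructed value.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed nesting limit for the walk; not a value taken from hardlink. */
#define MAX_DEPTH 1024

/*
 * Size needed for dir + "/" + name + NUL, i.e. dlen + nlen + 2.
 * Returns 1 and stores the size in *out, or 0 if the arithmetic would wrap
 * (the CVE-2011-3631 pattern: a wrapped size leads to an undersized heap
 * buffer and a heap overflow on the subsequent copy).
 */
int required_path_size(size_t dlen, size_t nlen, size_t *out)
{
    /* Check each addition against SIZE_MAX before performing it. */
    if (dlen > SIZE_MAX - 2)
        return 0;
    if (nlen > SIZE_MAX - 2 - dlen)
        return 0;
    *out = dlen + nlen + 2;
    return 1;
}

/*
 * Join dir and name into a freshly malloc'd string using the checked size.
 * Every write is bounded by the computed total, so the copy cannot overrun
 * the buffer even for very long names. Returns NULL on overflow or OOM;
 * the caller frees the result.
 */
char *safe_join_path(const char *dir, const char *name)
{
    size_t dlen = strlen(dir);
    size_t nlen = strlen(name);
    size_t total;

    if (!required_path_size(dlen, nlen, &total))
        return NULL;

    char *out = malloc(total);
    if (out == NULL)
        return NULL;

    memcpy(out, dir, dlen);
    out[dlen] = '/';
    memcpy(out + dlen + 1, name, nlen);
    out[total - 1] = '\0';
    return out;
}

/*
 * Depth guard for a recursive directory walk: a walker calls this before
 * descending and stops once the nesting exceeds MAX_DEPTH, so a deeply
 * nested tree cannot grow the stack without bound (the CVE-2011-3630
 * pattern). Returns 1 when descending is allowed, 0 otherwise.
 */
int depth_ok(unsigned depth)
{
    return depth <= MAX_DEPTH;
}
```

The point of splitting the size computation out of the copy is that the check is testable in isolation with lengths near SIZE_MAX, which no real filename can reach; a walker that uses `safe_join_path` for every entry and `depth_ok` before every descent fails closed on the crafted trees the advisory describes instead of corrupting memory.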
Testing complete on Mageia 1 i586. No poc, just testing that it works.

$ /usr/sbin/hardlink -vv .
Linked ./file4 to ./file1, saved 1024
Linked ./file4 to ./file2, saved 1024
Linked ./file4 to ./file3, saved 1024
Directories   1
Objects       5
IFREG         4
Comparisons   3
Linked        3
saved         12288

I was surprised that it was in /usr/sbin, instead of /usr/bin, but it looks like that's how it was before. I'll test Mageia 1 x86-64 shortly.
CC: (none) => davidwhodgins
Whiteboard: (none) => MGA1-32-OK
Testing complete on Mageia 1 x86-64.

Could someone from the sysadmin team push the srpm hardlink-1.0-11.1.mga1.src.rpm from Mageia 1 Core Updates Testing to Core Updates.

Advisory:

Updated hardlink package fixes security vulnerabilities:

Multiple stack-based buffer overflow flaws were found in the way hardlink, the tool for consolidation of duplicate files via hardlinks, processed directory trees with deeply nested directories. A remote attacker could provide a specially-crafted directory tree and trick the local user into consolidating it, leading to a hardlink executable crash or, potentially, arbitrary code execution with the privileges of the user running the hardlink executable. Because of the compiler options used to build this in Mageia, exploiting this would only cause a crash (CVE-2011-3630).

Multiple integer overflows, leading to heap-based buffer overflows, were found in the way hardlink, the tool for consolidation of duplicate files via hardlinks, performed string length concatenation in the calculation of the required memory space to be used. A remote attacker could provide a specially-crafted directory tree (with long directory and/or file names) and trick the local user into consolidating it, leading to a hardlink executable crash or, potentially, arbitrary code execution with the privileges of the user running the hardlink executable (CVE-2011-3631).

It was reported that hardlink, the tool for consolidation of duplicate files via hardlinks, operated on full file system object path names. A local attacker could use this flaw to conduct symlink attacks (cause the hardlink executable to operate on directories/files outside of the intended directory tree) (CVE-2011-3632).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3630
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3631
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3632
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069675.html
https://bugs.mageia.org/show_bug.cgi?id=7005
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: MGA1-32-OK => MGA1-32-OK MGA1-64-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0221
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED