From 498e09b9611d70e36841cff35ab764037b7ac0b8 Mon Sep 17 00:00:00 2001 From: Peter Volkov Date: Mon, 15 Sep 2008 17:28:02 +0000 Subject: Fix insecure temporary file creation: CVE-2008-3928, bug #237481, thank Robert Buchholz for report. (Portage version: 2.2_rc8/cvs/Linux 2.6.26-gentoo i686) --- net-analyzer/honeyd/ChangeLog | 11 +++- .../honeyd/files/honeyd-1.5c-CVE-2008-3928.patch | 20 +++++++ net-analyzer/honeyd/honeyd-1.5c-r1.ebuild | 70 ++++++++++++++++++++++ 3 files changed, 99 insertions(+), 2 deletions(-) create mode 100644 net-analyzer/honeyd/files/honeyd-1.5c-CVE-2008-3928.patch create mode 100644 net-analyzer/honeyd/honeyd-1.5c-r1.ebuild (limited to 'net-analyzer/honeyd') diff --git a/net-analyzer/honeyd/ChangeLog b/net-analyzer/honeyd/ChangeLog index a670472d5749..79a2f321c5fb 100644 --- a/net-analyzer/honeyd/ChangeLog +++ b/net-analyzer/honeyd/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for net-analyzer/honeyd -# Copyright 2002-2007 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-analyzer/honeyd/ChangeLog,v 1.34 2007/12/13 11:00:46 pva Exp $ +# Copyright 2002-2008 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/net-analyzer/honeyd/ChangeLog,v 1.35 2008/09/15 17:28:01 pva Exp $ + +*honeyd-1.5c-r1 (15 Sep 2008) + + 15 Sep 2008; Peter Volkov + +files/honeyd-1.5c-CVE-2008-3928.patch, +honeyd-1.5c-r1.ebuild: + Fix insecure temporary file creation: CVE-2008-3928, bug #237481, thank + Robert Buchholz for report. 13 Dec 2007; -honeyd-1.5b.ebuild, honeyd-1.5c.ebuild: Updated dependency: >=libevent-1.2, bug #199905, reported by Luc Stepniewski diff --git a/net-analyzer/honeyd/files/honeyd-1.5c-CVE-2008-3928.patch b/net-analyzer/honeyd/files/honeyd-1.5c-CVE-2008-3928.patch new file mode 100644 index 000000000000..2813fdad1537 --- /dev/null +++ b/net-analyzer/honeyd/files/honeyd-1.5c-CVE-2008-3928.patch 
@@ -0,0 +1,20 @@
+=== modified file 'scripts/test.sh'
+--- scripts/test.sh 2008-09-15 14:25:25 +0000
++++ scripts/test.sh 2008-09-15 14:26:26 +0000
+@@ -1,8 +1,13 @@
++#!/bin/sh
++# Test script for Honeyd
+ DATE=`date`
+-echo "$DATE: Started From $1 Port $2" >> /tmp/log
++LOGDIR=/var/log/honeypot/
++[ ! -e "$LOGDIR" ] && LOGDIR=/tmp
++LOGFILE=$LOGDIR/log_test
++echo "$DATE: Started From $1 Port $2" >> $LOGFILE
+ echo SSH-1.5-2.40
+ while read name
+ do
+- echo "$name" >> /tmp/log
++ echo "$name" >> $LOGFILE
+ echo "$name"
+ done
+
diff --git a/net-analyzer/honeyd/honeyd-1.5c-r1.ebuild b/net-analyzer/honeyd/honeyd-1.5c-r1.ebuild
new file mode 100644
index 000000000000..e82c44317731
--- /dev/null
+++ b/net-analyzer/honeyd/honeyd-1.5c-r1.ebuild
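Review bot: The fallback `[ ! -e "$LOGDIR" ] && LOGDIR=/tmp` in the patched scripts/test.sh leaves the original weakness reachable: whenever /var/log/honeypot/ is missing, the script again appends to a fixed, predictable name in a world-writable directory (`/tmp/log_test`). The fix therefore depends entirely on the package keeping that directory in place, and `-e` also accepts a path that is not a directory. I would drop the fallback and stop when the directory is absent, `[ -d "$LOGDIR" ] || exit 1`, and quote the redirect targets as `>> "$LOGFILE"`.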
@@ -0,0 +1,70 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/honeyd/honeyd-1.5c-r1.ebuild,v 1.1 2008/09/15 17:28:01 pva Exp $
+
+inherit eutils
+
+DESCRIPTION="Honeyd is a small daemon that creates virtual hosts on a network"
+HOMEPAGE="http://www.honeyd.org/"
+SRC_URI="http://www.citi.umich.edu/u/provos/honeyd/${P}.tar.gz
+ http://www.tracking-hackers.com/solutions/honeyd/honeyd-0.7a-beta2.tgz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~sparc ~x86"
+IUSE="doc"
+
+DEPEND="net-libs/libpcap
+ dev-libs/libdnet
+ >=dev-libs/libevent-1.2
+ dev-libs/libdnsres
+ dev-libs/libpcre
+ sys-libs/zlib"
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+ sed -i "s:^CFLAGS = -O2:CFLAGS = ${CFLAGS}:g" Makefile.in || die "sed failed"
+ epatch "${FILESDIR}"/${P}-CVE-2008-3928.patch
+}
+
+src_compile() {
+ econf --with-libdnet=/usr
+ emake || die "emake failed"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die "make install failed"
+
+ dodoc README && rm "${D}"/usr/share/honeyd/README || die "README"
+
+ insinto /etc
+ newins config.sample honeyd.conf || die "failed to install honeyd.conf"
+
+ newinitd "${FILESDIR}"/${PN}.initd ${PN} || die
+ newconfd "${FILESDIR}"/${PN}.confd ${PN} || die
+
+ rm "${D}"/usr/bin/honeyd
+ dosbin honeyd || die "dosbin failed"
+
+ # This adds all the services and example configurations collected
+ # by Lance Spitzer
+
+ # Install the white-papers if 'doc' USE flags are specified
+ use doc && dodoc "${WORKDIR}"/honeyd-0.7a-beta2/contrib/*
+
+ cp -R scripts "${D}"/usr/share/honeyd/
+
+ # Install the example configurations
+ cd "${WORKDIR}"/honeyd-0.7a-beta2
+ dodoc honeyd.conf nmap.prints nmap.assoc pf.os xprobe2.conf
+ dodoc honeyd.conf.simple honeyd.conf.bloat nmap.prints.new
+ dodoc xprobe2.conf.new honeyd.conf.networks
+
+ # Install all the example scripts
+ cp -R scripts "${D}"/usr/share/honeyd/
+ find "${D}"/usr/share/honeyd/scripts \
+ -type f -name '*.sh' -o -name '*.pl' -exec chmod +x {} \;
+
+ keepdir /var/log/honeypot/ # if removed security #237481 comes back
+}
-- cgit v1.2.3-65-gdbad
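Review bot: The `find` at the end of src_install does not do what its comment says, because `-o` binds more loosely than the implicit AND: `-type f -name '*.sh' -o -name '*.pl' -exec chmod +x {} \;` runs chmod only for `*.pl` matches (of any file type) and takes no action on `*.sh` files. Group the name tests instead, `find "${D}"/usr/share/honeyd/scripts -type f \( -name '*.sh' -o -name '*.pl' \) -exec chmod +x {} \;`. Separately, `keepdir /var/log/honeypot/` presumably creates the directory with default ownership, so if the service scripts run under an unprivileged account (not visible in this hunk) their appends to the log would fail. Setting an explicit owner and mode for that account with `fowners`/`fperms`, never world-writable, would keep the CVE-2008-3928 fix effective.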