CVE-2007-5300 remote denial of service

Bug #151946 reported by Stephan Rügamer
Affects             Status        Importance  Assigned to       Milestone
wzdftpd (Debian)    Fix Released  Unknown
wzdftpd (Ubuntu)    Fix Released  Medium      Unassigned
  Dapper            Fix Released  Undecided   Stephan Rügamer
  Edgy              Fix Released  Undecided   Stephan Rügamer
  Feisty            Fix Released  Undecided   Stephan Rügamer
  Gutsy             Fix Released  Medium      Unassigned

Bug Description

Binary package hint: wzdftpd

From the Debian bug report (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=446192):
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for wzdftpd.

CVE-2007-5300[0]:
| Off-by-one error in the do_login_loop function in
| libwzd-core/wzd_login.c in wzdftpd 0.8.2 and earlier allows remote
| attackers to cause a denial of service (daemon crash) via a long USER
| command that triggers a stack-based buffer overflow. NOTE: some of
| these details are obtained from third party information.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5300

Kind regards
Nico
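The CVE text above describes an off-by-one while handling a long USER command. As an added illustration (this is not wzdftpd's code and not the patch from the debdiffs; the function name, the constant USER_MAX and the sample lines are made up here), the boundary check such a login parser needs when it copies the USER argument into a fixed stack buffer, with the strict bound that leaves room for the terminating NUL:

```c
#include <stdio.h>
#include <string.h>

/* Capacity of the on-stack username buffer (constructed value, not wzdftpd's). */
#define USER_MAX 32

/* Copy the argument of a "USER <name>\r\n" line into out[USER_MAX].
 * Returns the stored length, or -1 if the line is not a USER command or
 * the name would not fit together with its terminating NUL. */
int parse_user_command(const char *line, char out[USER_MAX])
{
    size_t len;
    if (strncmp(line, "USER ", 5) != 0)
        return -1;
    line += 5;

    /* Length of the argument up to the first CR or LF. */
    len = strcspn(line, "\r\n");

    /* Off-by-one hazard: a check written as "len <= USER_MAX" (or
     * "len > USER_MAX" to reject) admits a name that exactly fills the
     * buffer, so the NUL written below lands one byte past its end on the
     * stack. The bound must be strict: len < USER_MAX. */
    if (len >= USER_MAX)
        return -1;
    memcpy(out, line, len);
    out[len] = '\0';
    return (int)len;
}

/* Build a USER line whose name is exactly name_len bytes of 'A' (constructed). */
static void make_user_line(char *dst, size_t name_len)
{
    memcpy(dst, "USER ", 5);
    memset(dst + 5, 'A', name_len);
    memcpy(dst + 5 + name_len, "\r\n", 3);
}

int main(void)
{
    char user[USER_MAX];
    char line[5 + USER_MAX + 3];
    printf("%d\n", parse_user_command("USER alice\r\n", user)); /* 5 */
    make_user_line(line, USER_MAX - 1);
    printf("%d\n", parse_user_command(line, user));             /* 31: fits */
    make_user_line(line, USER_MAX);
    printf("%d\n", parse_user_command(line, user));             /* -1: boundary rejected */
    return 0;
}
```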


Revision history for this message
Stephan Rügamer (sruegamer) wrote :

I'll add some debdiffs for all supported releases.
Gutsy first, because it's 5 to 12pm ;)

Revision history for this message
Stephan Rügamer (sruegamer) wrote :
Philipp Kern (pkern)
Changed in wzdftpd:
status: New → Fix Committed
importance: Undecided → Medium
Revision history for this message
Stephan Rügamer (sruegamer) wrote :

This debdiff will fix

CVE-2007-0428:
Unspecified vulnerability in the chtbl_lookup function in hash.c for WzdFTPD 8.0 and earlier allows remote attackers to cause a denial of service via a crafted FTP command, probably due to a NULL pointer dereference.

as well

Revision history for this message
Stephan Rügamer (sruegamer) wrote :

This debdiff will fix

CVE-2007-0428:
Unspecified vulnerability in the chtbl_lookup function in hash.c for WzdFTPD 8.0 and earlier allows remote attackers to cause a denial of service via a crafted FTP command, probably due to a NULL pointer dereference.

as well

Revision history for this message
Stephan Rügamer (sruegamer) wrote :

This debdiff will fix

CVE-2007-0428:
Unspecified vulnerability in the chtbl_lookup function in hash.c for WzdFTPD 8.0 and earlier allows remote attackers to cause a denial of service via a crafted FTP command, probably due to a NULL pointer dereference.

as well

Revision history for this message
Kees Cook (kees) wrote :

Hi! Thanks for getting these prepared. It seems that this package uses dpatch for patches. Your feisty diff includes both in and out of dpatch patches, and dapper and edgy lack dpatch at all. (Also, the gutsy/feisty fixes for wzd_protocol.c, are these accidentally missing in edgy/dapper?)

Thanks!

Changed in wzdftpd:
assignee: nobody → shermann
status: New → In Progress
assignee: nobody → shermann
status: New → In Progress
assignee: nobody → shermann
status: New → In Progress
Changed in wzdftpd:
status: Unknown → Fix Released
Revision history for this message
Stephan Rügamer (sruegamer) wrote :

Hi Kees,

damn...I knew I made a mistake with the feisty stuff...let me fix it.
Dapper and Edgy do have dpatch as build-dep but don't use it anywhere.
Feisty and Gutsy are using dpatch for sure.

libwzd-core/wzd_protocol.c is not in the versions of dapper and edgy.
The fixed part in dapper and edgy are libwzd-core/wzd_ClientThread.c

So, the only thing still left is feisty...

Should I remove the dpatch from build-deps in dapper and edgy?

Regards,

\sh

Revision history for this message
Stephan Rügamer (sruegamer) wrote :

wzdftpd (0.8.2-2ubuntu2) gutsy; urgency=high

  * debian/patches/90_CVE-2007-5300_off_by_one_fix.dpatch:
    Fix off-by-one in wzd_login.c which leads to a remote
    denial of service vulnerability (CVE-2007-5300) (LP: #151946)
    (Fix provided by Nico Golde <email address hidden>)

 -- Stephan Hermann <email address hidden> Fri, 12 Oct 2007 13:56:32 +0200

Changed in wzdftpd:
status: Fix Committed → Fix Released
Revision history for this message
Stephan Rügamer (sruegamer) wrote :

hi Kees,

this is the fixed debdiff for feisty

Thx for your work :)

\sh

Revision history for this message
Kees Cook (kees) wrote : Re: [Bug 151946] Re: CVE-2007-5300 remote denial of service

> damn...I knew I made a mistake with the feisty stuff...let me fix it.
> Dapper and Edgy do have dpatch as build-dep but don't use it anywhere.

I think it works -- they just have no debian/patches directory. It
looks like the debian/rules file uses it correctly ("patch", "unpatch"
are called). Go ahead and add the directory and the patch there.
That'll make a clean update for future fixes too.

> Feisty and Gutsy are using dpatch for sure.
>
> libwzd-core/wzd_protocol.c is not in the versions of dapper and edgy.
> The fixed part in dapper and edgy are libwzd-core/wzd_ClientThread.c

Ah-ha, that explains it. :)

> Should I remove the dpatch from build-deps in dapper and edgy?

No, dpatch is required for the build; dapper and edgy just happen to not
have any patches (yet).

Thanks!

Revision history for this message
Stephan Rügamer (sruegamer) wrote :

hi Kees,

could it be that you accidentally forgot to upload dapper, edgy and feisty after I fixed feisty?
dapper and edgy are still functional...

Regards,

\sh

Revision history for this message
Kees Cook (kees) wrote :

Sorry for the delay. These have been uploaded to the security queue and should be published shortly.

Changed in wzdftpd:
status: In Progress → Fix Committed
status: In Progress → Fix Committed
status: In Progress → Fix Committed
Kees Cook (kees)
Changed in wzdftpd:
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released