[20716] in bugtraq


Re: dqs 3.2.7 local root exploit.

daemon@ATHENA.MIT.EDU (Drake Diedrich)
Sat May 19 15:44:55 2001

Date: Sat, 19 May 2001 14:09:39 +1000
From: Drake Diedrich <Drake.Diedrich@anu.edu.au>
To: bugtraq@securityfocus.com
Message-ID: <20010519140939.A30549@duh.anu.edu.au>
Mail-Followup-To: Drake Diedrich <Drake.Diedrich@anu.edu.au>,
	bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
	protocol="application/pgp-signature"; boundary="oyUTqETQ0mS9luUI"
Content-Disposition: inline
In-Reply-To: <20010519000911.4356.qmail@securityfocus.com>; from dexgod@softhome.net on Sat, May 19, 2001 at 12:09:11AM -0000


--oyUTqETQ0mS9luUI
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, May 19, 2001 at 12:09:11AM -0000, dex dex wrote:
>
> DESCRIPTION:
> I found a buffer overflow vulnerability on the
> /usr/bin/dsh (dqs 3.2.7
> package).
>
 ...
>
> This bug was reported to Drake Diedrich, Maintainer
> for dqs
> (Drake.Diedrich@anu.edu.adu).
>

   I maintain only the Debian packaging of the DQS suite. /usr/bin/dsh can
be entirely removed from a DQS cluster with no ill effects, and was removed
from the Debian packages in early 1998 as part of a general cleanup
of the package.  Debian 2.1 (slink) and later are not vulnerable.
   The original publisher (SCRI, Florida State University) is no longer
maintaining DQS or employing the original author, but has also refused to
relax distribution restrictions, making it difficult to found a new
developer community.

dqs (3.1.8-2) unstable; urgency=low

  * Summarize and rotate monthly accounting logs
  * Replaced /bin/mail with /usr/bin/sendmail
  * Made /etc/dqs/conf_file into a configuration file.  Changed DQS_BIN.
  * Deleted dqs_options, dqs_random, and dsh
  * Moved qmaster and dqs_execd to /usr/lib/dqs, edit DQS_BIN in
    /etc/dqs/conf_file
  * Switched to debhelper from debstd
  * Added restart and force-reload to /etc/init.d/dqs
  * A million Lintian fixes.

 -- Drake Diedrich <Drake.Diedrich@anu.edu.au>  Mon, 16 Feb 1998 11:47:04 +1100



-- 
Dr. Drake Diedrich, Head - Information and Communications Unit
John Curtin School of Medical Research, GPO Box 334  Canberra ACT  2601
Voice: +61(2)6125-2528   FAX: +61(2)6125-4823

--oyUTqETQ0mS9luUI
Content-Type: application/pgp-signature
Content-Disposition: inline


--oyUTqETQ0mS9luUI--
