debian/0000755000000000000000000000000013370362121007164 5ustar debian/changelog0000644000000000000000000000230113370362121011032 0ustar mactelnet (0.4.0-1+deb8u1build0.14.04.1) trusty-security; urgency=medium * fake sync from Debian -- Mike Salvatore Tue, 06 Nov 2018 13:58:25 -0500 mactelnet (0.4.0-1+deb8u1) jessie; urgency=low * Backported bugfix of CVE 2016-7115 (closes: 836320) -- Håkon Nessjøen Sun, 10 Sep 2016 23:11:32 +0200 mactelnet (0.4.0-1) unstable; urgency=low * Upstream release 0.4.0 * Updated copyright file with correct license information. * Updated copyright file with new format version. -- Håkon Nessjøen Tue, 21 Jul 2012 10:11:12 +0100 mactelnet (0.3.4-1) unstable; urgency=low * Upstream release 0.3.4 * Added librt as dependancy for kfreebsd platform. -- Håkon Nessjøen Tue, 21 Nov 2011 18:44:52 +0100 mactelnet (0.3.2-2) unstable; urgency=low * Fixed a problem where the init script was unable to stop mactelnet-server. -- Håkon Nessjøen Tue, 10 Nov 2011 20:41:03 +0100 mactelnet (0.3.2-1) unstable; urgency=low * Initial release (Closes: #615823) -- Håkon Nessjøen Tue, 01 Nov 2011 16:33:22 +0100 debian/compat0000644000000000000000000000000212001362330010352 0ustar 7 debian/rules0000755000000000000000000000150212001362435010240 0ustar #!/usr/bin/make -f DEB_HOST_ARCH_OS := $(shell dpkg-architecture -qDEB_HOST_ARCH_OS) # These are used for cross-compiling and for saving the configure script # from having to guess our platform (since we know it already) DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) CFLAGS := $(shell dpkg-buildflags --get CFLAGS) $(shell dpkg-buildflags --get CPPFLAGS) LDFLAGS := $(shell dpkg-buildflags --get LDFLAGS) ifneq ($(DEB_HOST_GNU_TYPE),$(DEB_BUILD_GNU_TYPE)) CC=$(DEB_HOST_GNU_TYPE)-gcc LD=$(DEB_HOST_GNU_TYPE)-ld export CC LD endif # librt only needed on kfreebsd ifeq ($(DEB_HOST_ARCH_OS),kfreebsd) LIBS := -lrt endif export CFLAGS export LDFLAGS export LIBS %: dh $@ override_dh_fixperms: dh_fixperms --exclude mactelnetd.users debian/mactelnet-server.default0000644000000000000000000000061112001362330014000 0ustar # Defaults for mactelnet-server initscript # sourced by /etc/init.d/mactelnet-server # installed at /etc/default/mactelnet-server by the maintainer scripts # # This is a POSIX shell fragment # # Disable daemon by setting the next parameter to yes ENABLED=yes # Additional options that are passed to the Daemon. # Read manual page for mactelnetd(1) for options descriptions DAEMON_OPTS="-n" debian/patches/0000755000000000000000000000000012765073404010625 5ustar debian/patches/CVE-2016-7115.patch0000644000000000000000000000305712765073404013251 0ustar --- a/mactelnet.c +++ b/mactelnet.c @@ -75,7 +75,7 @@ static int keepalive_counter = 0; -static unsigned char encryptionkey[128]; +static unsigned char pass_salt[16]; static char username[255]; static char password[255]; static char nonpriv_username[255]; @@ -191,18 +191,21 @@ char *terminal = getenv("TERM"); char md5data[100]; unsigned char md5sum[17]; - int plen; + int plen, act_pass_len; md5_state_t state; - /* Concat string of 0 + password + encryptionkey */ + /* calculate the actual password's length */ + act_pass_len = strnlen(password, 82); + + /* Concat string of 0 + password + pass_salt */ md5data[0] = 0; - strncpy(md5data + 1, password, 82); - md5data[83] = '\0'; - memcpy(md5data + 1 + strlen(password), encryptionkey, 16); + memcpy(md5data + 1, password, act_pass_len); + /* in case that password is long, calculate only using the used-up parts */ + memcpy(md5data + 1 + act_pass_len, pass_salt, 16); /* Generate md5 sum of md5data with a leading 0 */ md5_init(&state); - md5_append(&state, (const md5_byte_t *)md5data, strlen(password) + 17); + md5_append(&state, (const md5_byte_t *)md5data, 1 + act_pass_len + 16); md5_finish(&state, (md5_byte_t *)md5sum + 1); md5sum[0] = 0; @@ -279,9 +282,9 @@ while (success) { - /* If we receive encryptionkey, transmit auth data back */ + /* If we receive pass_salt, transmit auth data back */ if (cpkt.cptype == MT_CPTYPE_ENCRYPTIONKEY) { - memcpy(encryptionkey, cpkt.data, cpkt.length); + memcpy(pass_salt, cpkt.data, 16); send_auth(username, password); } debian/patches/series0000644000000000000000000000002412765073404012036 0ustar CVE-2016-7115.patch debian/control0000644000000000000000000000263412001362425010571 0ustar Source: mactelnet Section: net Priority: extra Maintainer: Håkon Nessjøen Build-Depends: debhelper (>= 8.1.2~) Standards-Version: 3.9.3 Homepage: https://github.com/haakonnessjoen/MAC-Telnet/downloads Vcs-Git: git://github.com/haakonnessjoen/MACTelnet-Debian-Packaging.git Vcs-Browser: https://github.com/haakonnessjoen/MACTelnet-Debian-Packaging Package: mactelnet-client Architecture: linux-any kfreebsd-any Depends: ${shlibs:Depends}, ${misc:Depends} Description: Console tools for telneting and pinging via MAC addresses Ping, discovery and telnet tools for connecting to Mikrotik RouterOS devices, or other MAC-Telnetd powered machines/devices. . This tool can communicate over the local area network using UDP packets with a MAC-address as destination. You can telnet Linux machines that have installed mactelnet-server, or a Mikrotik RouterOS device. . Uses Mikrotik's own proprietary protocol. Included are also MNDP discovery application, and macping to ping via the mactelnet protocol. Package: mactelnet-server Architecture: linux-any kfreebsd-any Depends: ${shlibs:Depends}, ${misc:Depends} Description: Telnet daemon for accepting connections via MAC addresses This is a telnet daemon that uses Mikrotiks proprietary MAC-Telnet protocol. You will be enabled to "mac-telnet" from Linux machines with mactelnet-client or Mikrotik RouterOS devices which already has tools for this. debian/source/0000755000000000000000000000000012001362330010454 5ustar debian/source/format0000644000000000000000000000001412001362330011662 0ustar 3.0 (quilt) debian/mactelnet-server.lintian-overrides0000644000000000000000000000012212001362330016007 0ustar mactelnet-server binary: non-standard-file-perm etc/mactelnetd.users 0600 != 0644 debian/copyright0000644000000000000000000000403612002461416011120 0ustar Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: MAC-Telnet Source: https://github.com/haakonnessjoen/MAC-Telnet/ Files: * Copyright: Copyright 2011 Håkon Nessjøen License: GPL-2+ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. . This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. . You should have received a copy of the GNU General Public License along with this package; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA . On Debian systems, the full text of the GNU General Public License version 2 can be found in the file `/usr/share/common-licenses/GPL-2'. Files: md5.* Copyright: Copyright (C) 1999, 2000, 2002 Aladdin Enterprises. All rights reserved. License: Zlib This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software. . Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions: . 1. The origin of this software must not be misrepresented; you must not claim that you wrote the original software. If you use this software in a product, an acknowledgment in the product documentation would be appreciated but is not required. 2. Altered source versions must be plainly marked as such, and must not be misrepresented as being the original software. 3. This notice may not be removed or altered from any source distribution. . L. Peter Deutsch ghost@aladdin.com debian/mactelnet-server.install0000644000000000000000000000006412001362330014024 0ustar /etc/* /usr/sbin/* /usr/share/man/man1/mactelnetd.1 debian/watch0000644000000000000000000000007412001362330010206 0ustar version=3 http://lunatic.no/mactelnet/mactelnet-(.*).tar.gz debian/mactelnet-client.install0000644000000000000000000000021312001362330013770 0ustar /usr/bin/mactelnet /usr/bin/macping /usr/bin/mndp /usr/share/man/man1/mactelnet.1 /usr/share/man/man1/macping.1 /usr/share/man/man1/mndp.1 debian/mactelnet-server.init0000644000000000000000000001020212001362330013314 0ustar #!/bin/sh ### BEGIN INIT INFO # Provides: mactelnet-server # Required-Start: $network $local_fs $remote_fs # Required-Stop: $remote_fs # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Telnet daemon for Mikrotik Mac-Telnet protocol # Description: A daemon accepting telnet connections even without ip-address on # your interface, using MAC address as the address. ### END INIT INFO # Author: Håkon Nessjøen # PATH should only include /usr/* if it runs after the mountnfs.sh script PATH=/sbin:/usr/sbin:/bin:/usr/bin DESC=mactelnetd NAME=mactelnet-server DAEMON=/usr/sbin/mactelnetd DAEMON_ARGS="" PIDFILE=/var/run/$NAME.pid SCRIPTNAME=/etc/init.d/$NAME # Exit if the package is not installed [ -x $DAEMON ] || exit 0 # Read configuration variable file if it is present [ -r /etc/default/$NAME ] && . /etc/default/$NAME DAEMON_ARGS="${DAEMON_ARGS} ${DAEMON_OPTS}" # Load the VERBOSE setting and other rcS variables . /lib/init/vars.sh # Define LSB log_* functions. # Depend on lsb-base (>= 3.0-6) to ensure that this file is present. . /lib/lsb/init-functions # # Function that starts the daemon/service # do_start() { # Return # 0 if daemon has been started # 1 if daemon was already running # 2 if daemon could not be started if [ "$ENABLED" = no ]; then log_daemon_msg "Cannot start $DESC, please configure /etc/default/$NAME" "$NAME" return 2 fi start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ || return 1 start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \ $DAEMON_ARGS \ || return 2 echo `pidof mactelnetd` > $PIDFILE } # # Function that stops the daemon/service # do_stop() { # Return # 0 if daemon has been stopped # 1 if daemon was already stopped # 2 if daemon could not be stopped # other if a failure occurred start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --exec $DAEMON RETVAL="$?" [ "$RETVAL" = 2 ] && return 2 # Wait for children to finish too if this is a daemon that forks # and if the daemon is only ever run from this initscript. # If the above conditions are not satisfied then add some other code # that waits for the process to drop all resources that could be # needed by services started subsequently. A last resort is to # sleep for some time. start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON [ "$?" = 2 ] && return 2 # Many daemons don't delete their pidfiles when they exit. rm -f $PIDFILE return "$RETVAL" } # # Function that sends a SIGHUP to the daemon/service # do_reload() { # # If the daemon can reload its configuration without # restarting (for example, when it is sent a SIGHUP), # then implement that here. # start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME return 0 } case "$1" in start) [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC " "$NAME" do_start case "$?" in 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; esac ;; stop) [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" do_stop case "$?" in 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; esac ;; status) status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? ;; #reload|force-reload) # # If do_reload() is not implemented then leave this commented out # and leave 'force-reload' as an alias for 'restart'. # #log_daemon_msg "Reloading $DESC" "$NAME" #do_reload #log_end_msg $? #;; restart|force-reload) # # If the "reload" option is implemented then remove the # 'force-reload' alias # log_daemon_msg "Restarting $DESC" "$NAME" do_stop case "$?" in 0|1) do_start case "$?" in 0) log_end_msg 0 ;; 1) log_end_msg 1 ;; # Old process is still running *) log_end_msg 1 ;; # Failed to start esac ;; *) # Failed to stop log_end_msg 1 ;; esac ;; *) #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 exit 3 ;; esac :