Debian: cadaver Heap overflow vulnerability

    Date: 19 May 2004
    Category: Debian
    Posted By: LinuxSecurity Advisories
    User input is copied into variables not large enough for all cases. This can lead to an overflow of a static heap variable.
    
    Debian Security Advisory DSA 507-1
    http://www.debian.org/security/                             Martin Schulze
    May 19th, 2004                           http://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : cadaver
    Vulnerability  : buffer overflow
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CAN-2004-0398
    
    Stefan Esser discovered a problem in neon, an HTTP and WebDAV client
    library, which is also present in cadaver, a command-line client for
    WebDAV servers.  User input is copied into variables not large enough
    for all cases.  This can lead to an overflow of a static heap
    variable.
    
    For the stable distribution (woody) this problem has been fixed in
    version 0.18.0-1woody3.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 0.22.1-3.
    
    We recommend that you upgrade your cadaver package.
    
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    --------------------------------
    
      Source archives:
    
         http://security.debian.org/pool/updates/main/c/cadaver/cadaver_0.18.0-1woody3.dsc
          Size/MD5 checksum:      668 cc085f1e27ca315d3443c7e536c9b349
         http://security.debian.org/pool/updates/main/c/cadaver/cadaver_0.18.0-1woody3.diff.gz
          Size/MD5 checksum:     1674 d60b429cc57107856ffd180f3cb2836f
         http://security.debian.org/pool/updates/main/c/cadaver/cadaver_0.18.0.orig.tar.gz
          Size/MD5 checksum:   405643 40fc8cf38c71b2f74692a91ba891845b
    
      Alpha architecture:
    
         http://security.debian.org/pool/updates/main/c/cadaver/cadaver_0.18.0-1woody3_alpha.deb
          Size/MD5 checksum:   102242 3b45e150425b73405453f03c2e45f63b
    
      ARM architecture:
    
         http://security.debian.org/pool/updates/main/c/cadaver/cadaver_0.18.0-1woody3_arm.deb
          Size/MD5 checksum:    83448 1a8f45defcd34ef51b3cb678e3106d27
    
      Intel IA-32 architecture:
    
         http://security.debian.org/pool/updates/main/c/cadaver/cadaver_0.18.0-1woody3_i386.deb
          Size/MD5 checksum:    81472 e5476b51ea6efbcff662258effdfd5ee
    
      Intel IA-64 architecture:
    
         http://security.debian.org/pool/updates/main/c/cadaver/cadaver_0.18.0-1woody3_ia64.deb
          Size/MD5 checksum:   125782 7b7dbd87a96e73ef3116c22c406d4bbb
    
      HP Precision architecture:
    
         http://security.debian.org/pool/updates/main/c/cadaver/cadaver_0.18.0-1woody3_hppa.deb
          Size/MD5 checksum:    96250 f37a834f4a1cb9e80d36e50188e1bddf
    
      Motorola 680x0 architecture:
    
         http://security.debian.org/pool/updates/main/c/cadaver/cadaver_0.18.0-1woody3_m68k.deb
          Size/MD5 checksum:    77522 c1c630fba52ac06d9e54a35d31922fb6
    
      Big endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/c/cadaver/cadaver_0.18.0-1woody3_mips.deb
          Size/MD5 checksum:    95090 e74a612892d09b1e80fdc2129497bc6a
    
      Little endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/c/cadaver/cadaver_0.18.0-1woody3_mipsel.deb
          Size/MD5 checksum:    94924 51eae2cf3b195cb7f25ec7b685bf18d2
    
      PowerPC architecture:
    
         http://security.debian.org/pool/updates/main/c/cadaver/cadaver_0.18.0-1woody3_powerpc.deb
          Size/MD5 checksum:    87566 43894c27a77b6e5e64224aec283f1a39
    
      IBM S/390 architecture:
    
         http://security.debian.org/pool/updates/main/c/cadaver/cadaver_0.18.0-1woody3_s390.deb
          Size/MD5 checksum:    84718 3787dd1d00c5b415822b3ec9763bbec9
    
      Sun Sparc architecture:
    
         http://security.debian.org/pool/updates/main/c/cadaver/cadaver_0.18.0-1woody3_sparc.deb
          Size/MD5 checksum:    84288 13421f421d7a8f712b7047d6d69de01c
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb  http://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Package info: `apt-cache show ' and  http://packages.debian.org/
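
Added example, not part of the Debian advisory: a check that a file fetched with wget matches the "Size/MD5 checksum" entry listed under its URL before it is handed to dpkg -i. The function names, the example.invalid URL and the 5-byte stand-in file are constructed for illustration; md5sum, awk and mktemp are assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the advisory): check a downloaded file against the
# "Size/MD5 checksum" entry that follows its URL in a DSA-style file listing.

# expected_for LISTING NAME: print "SIZE MD5" for the URL whose basename is NAME.
expected_for() {
    awk -v name="$2" '
        /^[ \t]*(http|ftp):\/\// {          # URL line: remember if it is ours
            n = split($1, part, "/"); want = (part[n] == name); next
        }
        want && /Size\/MD5 checksum:/ {     # checksum line under that URL
            print $(NF-1), $NF; exit
        }' "$1"
}

# verify_file LISTING FILE: 0 = size and MD5 match, 1 = mismatch, 2 = not listed.
verify_file() {
    vf_file=$2
    set -- $(expected_for "$1" "$(basename "$2")")
    [ $# -eq 2 ] || return 2
    [ "$(wc -c < "$vf_file" | tr -d ' ')" = "$1" ] || return 1
    [ "$(md5sum < "$vf_file" | cut -d' ' -f1)" = "$2" ] || return 1
}

# Constructed sample: a 5-byte stand-in file and a listing in the advisory's layout.
demo_dir=$(mktemp -d)
printf 'hello' > "$demo_dir/demo_1.0-1_all.deb"
cat > "$demo_dir/listing.txt" <<'EOF'
  Constructed architecture:

     http://example.invalid/pool/demo_1.0-1_all.deb
      Size/MD5 checksum:        5 5d41402abc4b2a76b9719d911017c592
EOF

if verify_file "$demo_dir/listing.txt" "$demo_dir/demo_1.0-1_all.deb"; then
    echo "OK: file matches the size and MD5 in the listing"
fi
rm -rf "$demo_dir"
```

The MD5 value only ties a file to the listing it was read from, so the listing should be taken from the signed advisory rather than from the same location as the download.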
    
    