Debian: canna remote exploit

    Date02 Jul 2000
    CategoryDebian
    3028
    Posted ByLinuxSecurity Advisories
    Buffer overflow has been fixed for Debian GNU/Linux 2.1
    -----BEGIN PGP SIGNED MESSAGE-----
    
    - ------------------------------------------------------------------------
    Debian Security Advisory                             This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                         Wichert Akkerman
    July  2, 2000
    - ------------------------------------------------------------------------
    
    
    Package        : canna
    Problem type   : remote exploit
    Debian-specific: no
    
    The canna package as distributed in Debian GNU/Linux 2.1 can be
    remotely exploited to gain access. This could be done by overflowing
    a buffer by sending a SR_INIT command with a very long usernamd or
    groupname.
    
    This has been fixed in version 3.5b2-24slink1, and recommend that you
    upgrade your canna package immediately.
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    Debian GNU/Linux 2.1 alias slink
    - --------------------------------
    
      This version of Debian was released only for Intel, the Motorola
      680x0, the alpha and the Sun sparc architecture.
    
      The packages for the Sun sparc architecture are not available at
      this moment; they will be announced on http://security.debian.org/
      when they are.
    
      Source archives:
        http://security.debian.org/dists/stable/updates/source/canna_3.5b2-24slink1.diff.gz
          MD5 checksum: 7220bdad24aa3be2fdfc4f1bfd978235
        http://security.debian.org/dists/stable/updates/source/canna_3.5b2-24slink1.dsc
          MD5 checksum: b62f0558dc852ed61930157236622e3d
        http://security.debian.org/dists/stable/updates/source/canna_3.5b2.orig.tar.gz
          MD5 checksum: 5e1d8527d397c3914ce6104dac3db466
    
      Alpha architecture:
        http://security.debian.org/dists/stable/updates/binary-alpha/canna-utils_3.5b2-24slink1_alpha.deb
          MD5 checksum: b9318bb7dcb1936c3d16c54f8c799564
        http://security.debian.org/dists/stable/updates/binary-alpha/canna_3.5b2-24slink1_alpha.deb
          MD5 checksum: 1bcbbd1c4ad3146d66b2ca10b4914ccf
        http://security.debian.org/dists/stable/updates/binary-alpha/libcanna1g-dev_3.5b2-24slink1_alpha.deb
          MD5 checksum: 05df65c96e2adfc6d1cde593ef76ca33
        http://security.debian.org/dists/stable/updates/binary-alpha/libcanna1g_3.5b2-24slink1_alpha.deb
          MD5 checksum: b1e30d11faaccbf0014c42e56949c87c
    
      Intel ia32 architecture:
        http://security.debian.org/dists/stable/updates/binary-i386/canna-utils_3.5b2-24slink1_i386.deb
          MD5 checksum: 45705fd8a8d230d3dd0094707eb2fac3
        http://security.debian.org/dists/stable/updates/binary-i386/canna_3.5b2-24slink1_i386.deb
          MD5 checksum: c15a54507be2fc745d55718efbae4f74
    
      Motorola 680x0 architecture:
        http://security.debian.org/dists/stable/updates/binary-m68k/canna-utils_3.5b2-24slink1_m68k.deb
          MD5 checksum: aa0ef7ffe8ca29a99ba882513dd29888
        http://security.debian.org/dists/stable/updates/binary-m68k/canna_3.5b2-24slink1_m68k.deb
          MD5 checksum: 4069ed58591b44a5c670fd0a91e77ae1
        http://security.debian.org/dists/stable/updates/binary-m68k/libcanna1g-dev_3.5b2-24slink1_m68k.deb
          MD5 checksum: 005a4f8f6dbdafc1f1ccdc8443ddc8ad
        http://security.debian.org/dists/stable/updates/binary-m68k/libcanna1g_3.5b2-24slink1_m68k.deb
          MD5 checksum: 5aff2c0b7b089900faff113ce8a0abab
    
    
      These files will be moved into
      ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon.
    
    Debian GNU/Linux 2.2 alias potato
    - ---------------------------------
    
      Please note that potato has not been released yet. However since it is in
      the final stages of the release process security updates are already being
      distributed.
    
      The updated packages for potato have already been installed in the
      archive. 
    
    For not yet released architectures please refer to the appropriate
    directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
    
    - -- 
    - ----------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable updates
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    -----BEGIN PGP SIGNATURE-----
    Version: 2.6.3ia
    Charset: noconv
    
    iQB1AwUBOV9E7qjZR/ntlUftAQFv5QL9H3s/REAWPFBBj8XsAIQNUOWoqD3LhSXt
    csdcD5gKmeV8QKsZsvmS819cq3IW7nF+ORJjgpNzKKkd0fRE1/9io1POqu5CjbAP
    h82uUG1LRWMD9z/YY80wDtbzNuXQYygh
    =ZphM
    -----END PGP SIGNATURE-----
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"5","type":"x","order":"1","pct":55.56,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":33.33,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"1","type":"x","order":"3","pct":11.11,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.