Linux Security

    Debian: fsp Buffer overflow/Directory traversal vulns.

    A remote user could both escape from the FSP root directory, and also overflow a fixed-length buffer to execute arbitrary code.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 416-1                                        Matt Zimmerman
    January 6th, 2004              
    - --------------------------------------------------------------------------
    Package        : fsp
    Vulnerability  : buffer overflow, directory traversal
    Problem-Type   : remote
    Debian-specific: no
    CVE Ids        : CAN-2003-1022 CAN-2004-0011
    A vulnerability was discovered in fsp whereby a remote user could both
    escape from the FSP root directory (CAN-2003-1022), and also overflow
    a fixed-length buffer to execute arbitrary code (CAN-2004-0011).
    For the current stable distribution (woody) this problem has been
    fixed in version 2.81.b3-3.1woody1.
    For the unstable distribution, this problem is fixed in version
    We recommend that you update your fsp package.
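
The advisory names two bug classes in one file server: a request path that escapes the server root, and a copy into a fixed-length buffer. The following is an added illustration of defending against both in a single path-resolution routine; it is not fsp's code or Debian's patch (the advisory does not describe the affected code), and the function name, the 64-byte buffer and the `/srv/fsp` root are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

#define PATH_BUF 64   /* fixed-length buffer; size chosen for this example */

/* Join root and a client-supplied path into out[outlen], component by
 * component. Returns 0 on success, -1 if the request would climb above
 * root or the result would not fit in the buffer. */
int resolve_in_root(const char *root, const char *req, char *out, size_t outlen)
{
    size_t len = strlen(root);
    size_t base = len;                      /* never shrink below the root */

    if (len == 0 || len >= outlen)
        return -1;
    memcpy(out, root, len + 1);
    while (*req) {
        size_t n = strcspn(req, "/");       /* length of the next component */
        if (n == 0 || (n == 1 && req[0] == '.')) {
            /* empty component or ".": nothing to add */
        } else if (n == 2 && req[0] == '.' && req[1] == '.') {
            if (len == base)
                return -1;                  /* ".." would leave the root */
            while (out[len - 1] != '/')     /* drop the last component */
                len--;
            out[--len] = '\0';              /* and the slash before it */
        } else {
            if (n + 1 >= outlen - len)      /* '/' + component + NUL must fit */
                return -1;
            out[len++] = '/';
            memcpy(out + len, req, n);
            len += n;
            out[len] = '\0';
        }
        req += n;
        if (*req == '/')
            req++;
    }
    return 0;
}

int main(void)
{
    char buf[PATH_BUF];
    const char *reqs[] = { "pub/./docs/../file.txt", "../etc/passwd" }; /* constructed */
    for (size_t i = 0; i < sizeof reqs / sizeof reqs[0]; i++)
        printf("%-24s -> %s\n", reqs[i],
               resolve_in_root("/srv/fsp", reqs[i], buf, sizeof buf) ? "rejected" : buf);
    return 0;
}
```

The check is purely lexical, so a symbolic link inside the served tree that points outside it still has to be handled separately.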
    Upgrade Instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
      These files will probably be moved into the stable distribution on
      its next revision.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Mailing list:
    Package info: `apt-cache show ' and
