Debian: fsp Buffer overflow/Directory traversal vulns.

    Date: 07 Jan 2004
    Category: Debian
    Posted By: LinuxSecurity Advisories
    A remote user could both escape from the FSP root directory, and also overflow a fixed-length buffer to execute arbitrary code.
    
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 416-1
    http://www.debian.org/security/                             Matt Zimmerman
    January 6th, 2004                        http://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : fsp
    Vulnerability  : buffer overflow, directory traversal
    Problem-Type   : remote
    Debian-specific: no
    CVE Ids        : CAN-2003-1022 CAN-2004-0011
    
    A vulnerability was discovered in fsp whereby a remote user could both
    escape from the FSP root directory (CAN-2003-1022), and also overflow
    a fixed-length buffer to execute arbitrary code (CAN-2004-0011).
    
    For the current stable distribution (woody) this problem has been
    fixed in version 2.81.b3-3.1woody1.
    
    For the unstable distribution, this problem is fixed in version
    2.81.b18-1.
    
    We recommend that you update your fsp package.
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    Debian GNU/Linux 3.0 alias woody
    --------------------------------
    
      Source archives:
    
         http://security.debian.org/pool/updates/main/f/fsp/fsp_2.81.b3-3.1woody1.dsc
          Size/MD5 checksum:      562 210afdf9311b68661ffce1845593c161
         http://security.debian.org/pool/updates/main/f/fsp/fsp_2.81.b3-3.1woody1.diff.gz
          Size/MD5 checksum:     9424 8fcfe9d2fe93b4699622339bcd285814
         http://security.debian.org/pool/updates/main/f/fsp/fsp_2.81.b3.orig.tar.gz
          Size/MD5 checksum:   153497 f75d7a4385a4c058a607c754ac71d391
    
      Alpha architecture:
    
         http://security.debian.org/pool/updates/main/f/fsp/fsp_2.81.b3-3.1woody1_alpha.deb
          Size/MD5 checksum:   140952 41961172ea11739620c02041d9ac1682
         http://security.debian.org/pool/updates/main/f/fsp/fspd_2.81.b3-3.1woody1_alpha.deb
          Size/MD5 checksum:    44686 36e440b5f80cc49988ced87d777440c5
    
      ARM architecture:
    
         http://security.debian.org/pool/updates/main/f/fsp/fsp_2.81.b3-3.1woody1_arm.deb
          Size/MD5 checksum:    94096 75a16b2d09774fb86689ff6087379b3a
         http://security.debian.org/pool/updates/main/f/fsp/fspd_2.81.b3-3.1woody1_arm.deb
          Size/MD5 checksum:    41550 c20f83ccc7fac855a38eca95d84c189e
    
      Intel IA-32 architecture:
    
         http://security.debian.org/pool/updates/main/f/fsp/fsp_2.81.b3-3.1woody1_i386.deb
          Size/MD5 checksum:    96912 d176a81082e3c93ae22c3f98af721f98
         http://security.debian.org/pool/updates/main/f/fsp/fspd_2.81.b3-3.1woody1_i386.deb
          Size/MD5 checksum:    41150 c93998b449c4d7c54a04d3132e9deef6
    
      Intel IA-64 architecture:
    
         http://security.debian.org/pool/updates/main/f/fsp/fsp_2.81.b3-3.1woody1_ia64.deb
          Size/MD5 checksum:   238826 b8874466539abb3e09e6377a41d8ff7b
         http://security.debian.org/pool/updates/main/f/fsp/fspd_2.81.b3-3.1woody1_ia64.deb
          Size/MD5 checksum:    49826 ac396095cfd2d62283e5154e7be39957
    
      HP Precision architecture:
    
         http://security.debian.org/pool/updates/main/f/fsp/fsp_2.81.b3-3.1woody1_hppa.deb
          Size/MD5 checksum:   111128 b329a823e272e23711b158829977c95c
         http://security.debian.org/pool/updates/main/f/fsp/fspd_2.81.b3-3.1woody1_hppa.deb
          Size/MD5 checksum:    42890 a45105977c7a636cbb48ad72fdd7254f
    
      Motorola 680x0 architecture:
    
         http://security.debian.org/pool/updates/main/f/fsp/fsp_2.81.b3-3.1woody1_m68k.deb
          Size/MD5 checksum:    91458 2170ae6d187df603d655b2c98d9b1aec
         http://security.debian.org/pool/updates/main/f/fsp/fspd_2.81.b3-3.1woody1_m68k.deb
          Size/MD5 checksum:    39924 d705a9932b99ba0b2cf2f82a74c5b165
    
      Big endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/f/fsp/fsp_2.81.b3-3.1woody1_mips.deb
          Size/MD5 checksum:   163602 2106a47347911142625600703030bf50
         http://security.debian.org/pool/updates/main/f/fsp/fspd_2.81.b3-3.1woody1_mips.deb
          Size/MD5 checksum:    42576 ca4d43f4d76b4f1332095062028e2863
    
      Little endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/f/fsp/fsp_2.81.b3-3.1woody1_mipsel.deb
          Size/MD5 checksum:   163818 affb2aeb7f9f55e318f5d8d7f2cf59e6
         http://security.debian.org/pool/updates/main/f/fsp/fspd_2.81.b3-3.1woody1_mipsel.deb
          Size/MD5 checksum:    42848 c042c776ed1d766e8e191b8a0d27b992
    
      PowerPC architecture:
    
         http://security.debian.org/pool/updates/main/f/fsp/fsp_2.81.b3-3.1woody1_powerpc.deb
          Size/MD5 checksum:   102520 a92ce176c1147b9f0f2e57f682e1e709
         http://security.debian.org/pool/updates/main/f/fsp/fspd_2.81.b3-3.1woody1_powerpc.deb
          Size/MD5 checksum:    41430 c04eecb7650c98b7389319f0eab0e2f4
    
      IBM S/390 architecture:
    
         http://security.debian.org/pool/updates/main/f/fsp/fsp_2.81.b3-3.1woody1_s390.deb
          Size/MD5 checksum:    97034 a00d2868fdf1ff4a919a972a82d214c9
         http://security.debian.org/pool/updates/main/f/fsp/fspd_2.81.b3-3.1woody1_s390.deb
          Size/MD5 checksum:    41264 61ce6593c4e00cea608a8970f1025205
    
      Sun Sparc architecture:
    
         http://security.debian.org/pool/updates/main/f/fsp/fsp_2.81.b3-3.1woody1_sparc.deb
          Size/MD5 checksum:   122294 3c19235a36260a3419b152a60012ecb2
         http://security.debian.org/pool/updates/main/f/fsp/fspd_2.81.b3-3.1woody1_sparc.deb
          Size/MD5 checksum:    43712 a9700b7c5802a14f11a46c3d17ea9b48
    
      These files will probably be moved into the stable distribution on
      its next revision.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb  http://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Package info: `apt-cache show ' and  http://packages.debian.org/
    
    