Debian: 'gnuserv', 'xemacs21' vulnerabilities

    Date: 09 Mar 2001
    Category: Debian
    Posted By: LinuxSecurity Advisories
    Klaus Frank has found a vulnerability in the way gnuserv handled remote connections.
    
    ----------------------------------------------------------------------------
    Debian Security Advisory DSA-042-1
    http://www.debian.org/security/                               Martin Schulze
    March 8, 2001
    ----------------------------------------------------------------------------
    
    Packages       : gnuserv, xemacs21
    Vulnerability  : buffer overflow and weak security
    Type           : remote vulnerability
    Debian-specific: no
    Fixed version  : gnuserv 2.1alpha-5.1 (potato) and 2.1alpha-5.1.1 (unstable)
                     xemacs 21.1.10-5 (potato) and xemacs 21.1.14-1 (unstable)
    
    Klaus Frank has found a vulnerability in the way gnuserv handled
    remote connections.  Gnuserv is a remote control facility for Emacsen
    which is available as a standalone program as well as included in
    XEmacs21.  Gnuserv has a buffer for which insufficient boundary checks
    were made.  Unfortunately this buffer affected access control to
    gnuserv, which uses a MIT-MAGIC-COOKIE based system.  It is
    possible to overflow the buffer containing the cookie and foozle
    the cookie comparison.
    
    Gnuserv was derived from emacsserver, which is part of GNU Emacs.  It
    was reworked completely and not much is left over from its time
    as part of GNU Emacs.  Therefore the versions of emacsserver in both
    Emacs19 and Emacs20 don't look vulnerable to this bug; they don't
    even provide a MIT-MAGIC-COOKIE based mechanism.
    
    This could lead to a remote user issuing commands under
    the UID of the person running gnuserv.
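
The class of boundary check the advisory says was missing, shown as an added illustration that is not gnuserv's or Debian's code. The wire format (2-byte length prefix), `COOKIE_MAX` and `cookie_auth_ok` are hypothetical; the point is that the client-declared length is validated before any copy, and the comparison fails closed.

```c
#include <stddef.h>
#include <string.h>

#define COOKIE_MAX 64   /* assumed capacity of the server's cookie buffer */

/* Compare n bytes without an early exit, so timing does not reveal
 * how many leading bytes of a guess were correct. */
static int ct_equal(const unsigned char *a, const unsigned char *b, size_t n)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Hypothetical wire format: [2-byte big-endian length][cookie bytes].
 * Returns 1 only when the client cookie matches `expected` exactly;
 * returns 0 for any malformed, truncated or oversized message. */
int cookie_auth_ok(const unsigned char *msg, size_t msg_len,
                   const unsigned char *expected, size_t expected_len)
{
    unsigned char cookie[COOKIE_MAX];
    size_t claimed;

    if (msg == NULL || expected == NULL || msg_len < 2)
        return 0;
    if (expected_len == 0 || expected_len > COOKIE_MAX)
        return 0;                      /* bad server-side cookie: fail closed */
    claimed = ((size_t)msg[0] << 8) | msg[1];

    /* The boundary checks: never trust the client-declared length. */
    if (claimed > sizeof cookie)       /* would overflow the local buffer */
        return 0;
    if (claimed > msg_len - 2)         /* declares more bytes than were sent */
        return 0;
    if (claimed != expected_len)       /* wrong size can never match */
        return 0;
    memcpy(cookie, msg + 2, claimed);  /* now known to be within bounds */
    return ct_equal(cookie, expected, expected_len);
}

int main(void)
{
    /* Constructed sample: 4-byte cookie "abcd" and a matching message. */
    static const unsigned char secret[] = { 'a', 'b', 'c', 'd' };
    static const unsigned char good[] = { 0x00, 0x04, 'a', 'b', 'c', 'd' };
    return cookie_auth_ok(good, sizeof good, secret, sizeof secret) ? 0 : 1;
}
```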
    
    
    We recommend you upgrade your xemacs21 and gnuserv packages immediately.
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 2.2 alias potato
    ------------------------------------
    
      Potato was released for the alpha, arm, i386, m68k, powerpc and sparc
      architectures.
    
    
    
      These files will be moved into
       ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon.
    
    For not yet released architectures please refer to the appropriate
    directory  ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
    
    ----------------------------------------------------------------------------
    For apt-get: deb  http://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Package info: `apt-cache show ' and  http://packages.debian.org/
    