Debian: htget arbitrary code execution fix

    Date: 20 Dec 2004
    Category: Debian
    Posted By: Joe Shakespeare
    "infamous41md" discovered a buffer overflow in htget, a file grabber that will get files from HTTP servers. It is possible to overflow a buffer and execute arbitrary code by accessing a malicious URL.
    
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 611-1
    http://www.debian.org/security/                             Martin Schulze
    December 20th, 2004                     http://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : htget
    Vulnerability  : buffer overflow
    Problem-Type   : remote
    Debian-specific: no
    CVE ID         : CAN-2004-0852
    
    "infamous41md" discovered a buffer overflow in htget, a file grabber
    that will get files from HTTP servers.  It is possible to overflow a
    buffer and execute arbitrary code by accessing a malicious URL.
    
    For the stable distribution (woody) this problem has been fixed in
    version 0.93-1.1woody1.
    
    This package is not present in the testing and unstable distributions.
    
    We recommend that you upgrade your htget package.
    
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/h/htget/htget_0.93-1.1woody1.dsc
          Size/MD5 checksum:      462 35e77a77cfdfbf194a7ffa72199a0d9c
        http://security.debian.org/pool/updates/main/h/htget/htget_0.93-1.1woody1.tar.gz
          Size/MD5 checksum:    30747 5ceb4c71d6a7356ba0c21c535649274c
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/h/htget/htget_0.93-1.1woody1_alpha.deb
          Size/MD5 checksum:    19750 574b61323f92ebe875a240530f1841ad
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/h/htget/htget_0.93-1.1woody1_arm.deb
          Size/MD5 checksum:    14084 3ce8b4030ae5fe4f6f8906af364f63e1
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/h/htget/htget_0.93-1.1woody1_i386.deb
          Size/MD5 checksum:    13650 93e282213c11f4401df7d6f5e01919ee
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/h/htget/htget_0.93-1.1woody1_ia64.deb
          Size/MD5 checksum:    20714 11b76a5c8b90880f78d30b474f834ceb
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/h/htget/htget_0.93-1.1woody1_hppa.deb
          Size/MD5 checksum:    15278 aa6ed9c4c6163464716389f970597867
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/h/htget/htget_0.93-1.1woody1_m68k.deb
          Size/MD5 checksum:    12984 f0337dbb8f3bf291c2051620a7e85498
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/h/htget/htget_0.93-1.1woody1_mips.deb
          Size/MD5 checksum:    15346 59e45b51f5285220716362ff668c81fb
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/h/htget/htget_0.93-1.1woody1_mipsel.deb
          Size/MD5 checksum:    15356 eebe539aa515993b252a5b3927892f21
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/h/htget/htget_0.93-1.1woody1_powerpc.deb
          Size/MD5 checksum:    15200 a8987d09dd743dfa3da8e4d048ce2a4e
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/h/htget/htget_0.93-1.1woody1_s390.deb
          Size/MD5 checksum:    14430 0d48f492b6b6b6623652fdc352286790
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/h/htget/htget_0.93-1.1woody1_sparc.deb
          Size/MD5 checksum:    17790 1b78f544092bf5908b2a792a98a544e5
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Package info: `apt-cache show <pkg>' and http://packages.debian.org/
    
    