-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------
Debian Security Advisory                                 security@debian.org
http://www.debian.org/security/                            Daniel Jacobowitz
June  5, 2000
- ----------------------------------------------------------------------------

Package: mailx
Vulnerability: local exploit
Debian-specific: no

The version of mailx distributed in Debian GNU/Linux 2.1 (a.k.a. slink), as
well as in the frozen (potato) and unstable (woody) distributions is
vulnerable to a local buffer overflow while sending messages.  This could be
exploited to give a shell running with group "mail".

This has been fixed in version 8.1.1-10.1, and we recommend that you update
your mailx package immediately.


Debian GNU/Linux 2.1 alias slink
- --------------------------------

  This version of Debian was released only for Intel ia32, the Motorola
  680x0, the Alpha, and the Sun Sparc architecture.

  Source archives:
          MD5 checksum: 13866649fb581d9ca53e2e8c6bb70733
          MD5 checksum: 87d8fd019a35aba4041ba12cbde64ee6
          MD5 checksum: c779002cb043b57fd5198ec2032cacb0

  Alpha architecture:
          MD5 checksum: 6da920f8c1d5a4924e88982923cfe5bb

  Intel ia32 architecture:
          MD5 checksum: f2b17ff796cc5209700f5d58803d9c77

  Motorola 680x0 architecture:
          MD5 checksum: 908eece4836b1f021d6f29abdd8360a5

  Sun Sparc architecture:
          MD5 checksum: e38842ada3f9eac9dd5b1ec836f0ea63

Debian 2.2 alias potato
- - -----------------------

  This version of Debian is not yet released.  Fixes are currently available
  for Intel ia32, the Motorola 680x0, the Alpha, and the Sun Sparc
  architecture.  Fixes for other architectures will be available soon.

  Source archives:
          MD5 checksum: 13866649fb581d9ca53e2e8c6bb70733
          MD5 checksum: 87d8fd019a35aba4041ba12cbde64ee6
          MD5 checksum: c779002cb043b57fd5198ec2032cacb0

  Alpha architecture:
          MD5 checksum: 6da920f8c1d5a4924e88982923cfe5bb

  Intel ia32 architecture:
          MD5 checksum: f2b17ff796cc5209700f5d58803d9c77

  Motorola 680x0 architecture:
          MD5 checksum: 908eece4836b1f021d6f29abdd8360a5

  Sun Sparc architecture:
          MD5 checksum: e38842ada3f9eac9dd5b1ec836f0ea63

Debian Unstable alias woody
- ---------------------------

  A fix will be available in the unstable archive soon.

- ----------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable updates
For dpkg-ftp:  dists/stable/updates
Mailing list: debian-security-announce@lists.debian.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQB1AwUBOTvvoqjZR/ntlUftAQHtlgL6A2QY9ZB1v1bmy2lhv/r6ltak8mH9jpkD
0Mhr9K1rVsdCIU0CPlU9plafl9OiUcqzl98QOfO/ggdGqt4QcWsJd3MQTXcNACJz
DTExRhZHlAa5v0u+3Hfn/yoCqxde23ma
=JDwA
-----END PGP SIGNATURE-----

Debian: mailx local exploit

June 5, 2000
The version of mailx distributed in Debian GNU/Linux 2.1, the frozen (potato) and unstable (woody) distributions is vulnerable to a local buffer overflow.

Summary

Package: mailx
Vulnerability: local exploit
Debian-specific: no

The version of mailx distributed in Debian GNU/Linux 2.1 (a.k.a. slink), as
well as in the frozen (potato) and unstable (woody) distributions is
vulnerable to a local buffer overflow while sending messages. This could be
exploited to give a shell running with group "mail".

This has been fixed in version 8.1.1-10.1, and we recommend that you update
your mailx package immediately.


Debian GNU/Linux 2.1 alias slink

This version of Debian was released only for Intel ia32, the Motorola
680x0, the Alpha, and the Sun Sparc architecture.

Source archives:
MD5 checksum: 13866649fb581d9ca53e2e8c6bb70733
MD5 checksum: 87d8fd019a35aba4041ba12cbde64ee6
MD5 checksum: c779002cb043b57fd5198ec2032cacb0

Alpha architecture:
MD5 checksum: 6da920f8c1d5a4924e88982923cfe5bb

Intel ia32 architecture:
MD5 checksum: f2b17ff796cc5209700f5d58803d9c77

Motorola 680x0 architecture:
MD5 checksum: 908eece4836b1f021d6f29abdd8360a5

Sun Sparc architecture:
MD5 checksum: e38842ada3f9eac9dd5b1ec836f0ea63

Debian 2.2 alias potato
- - -----------------------

This version of Debian is not yet released. Fixes are currently available
for Intel ia32, the Motorola 680x0, the Alpha, and the Sun Sparc
architecture. Fixes for other architectures will be available soon.

Source archives:
MD5 checksum: 13866649fb581d9ca53e2e8c6bb70733
MD5 checksum: 87d8fd019a35aba4041ba12cbde64ee6
MD5 checksum: c779002cb043b57fd5198ec2032cacb0

Alpha architecture:
MD5 checksum: 6da920f8c1d5a4924e88982923cfe5bb

Intel ia32 architecture:
MD5 checksum: f2b17ff796cc5209700f5d58803d9c77

Motorola 680x0 architecture:
MD5 checksum: 908eece4836b1f021d6f29abdd8360a5

Sun Sparc architecture:
MD5 checksum: e38842ada3f9eac9dd5b1ec836f0ea63

Debian Unstable alias woody

A fix will be available in the unstable archive soon.

For apt-get: deb http://security.debian.org/ stable updates
For dpkg-ftp: dists/stable/updates
Mailing list: debian-security-announce@lists.debian.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQB1AwUBOTvvoqjZR/ntlUftAQHtlgL6A2QY9ZB1v1bmy2lhv/r6ltak8mH9jpkD
0Mhr9K1rVsdCIU0CPlU9plafl9OiUcqzl98QOfO/ggdGqt4QcWsJd3MQTXcNACJz
DTExRhZHlAa5v0u+3Hfn/yoCqxde23ma
=JDwA
-----END PGP SIGNATURE-----


Severity
Debian Security Advisory security@debian.org
http://www.debian.org/security/ Daniel Jacobowitz
June 5, 2000

Related News

24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
Sign Up