Debian: masqmail buffer overflows

    Date: 12 Nov 2002
    Category: Debian
    Posted By: LinuxSecurity Advisories
    A set of buffer overflows has been discovered in masqmail, a mail transport agent for hosts without a permanent internet connection.
    
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 194-1
    http://www.debian.org/security/                             Martin Schulze
    November 12th, 2002                      http://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : masqmail
    Vulnerability  : buffer overflows
    Problem-Type   : local
    Debian-specific: no
    CVE Id         : CAN-2002-1279
    
    A set of buffer overflows has been discovered in masqmail, a mail
    transport agent for hosts without a permanent internet connection.  In
    addition, privileges were dropped only after reading a user-supplied
    configuration file.  Together, these flaws could be exploited to gain
    unauthorized root access to the machine on which masqmail is
    installed.
    
    These problems have been fixed in version 0.1.16-2.1 for the current
    stable distribution (woody) and in version 0.2.15-1 for the unstable
    distribution (sid).  The old stable distribution (potato) is not
    affected since it doesn't contain a masqmail package.
    
    We recommend that you upgrade your masqmail package immediately.
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    --------------------------------
    
      Source archives:
    
         http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.1.16-2.1.dsc
          Size/MD5 checksum:      616 5280d0a0dd4d35e59f55e96bb5db62ae
         http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.1.16-2.1.diff.gz
          Size/MD5 checksum:    10140 072e97e7ca9eb24a47257c25e0ca7a2e
         http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.1.16.orig.tar.gz
          Size/MD5 checksum:   174634 0e391fd2d56d61b0a879f3c37b9e068d
    
      Alpha architecture:
    
         http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.1.16-2.1_alpha.deb
          Size/MD5 checksum:   103550 50fee9f437212f257ee52cd5f38efe81
    
      ARM architecture:
    
         http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.1.16-2.1_arm.deb
          Size/MD5 checksum:    90690 fbed6c28bbe66a4c440169c2eb617a7b
    
      Intel IA-32 architecture:
    
         http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.1.16-2.1_i386.deb
          Size/MD5 checksum:    88358 586f60f60d81dc17379df547f5796f8a
    
      Intel IA-64 architecture:
    
         http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.1.16-2.1_ia64.deb
          Size/MD5 checksum:   123600 f771c889fbd114ff0b598f80ccb44205
    
      HP Precision architecture:
    
         http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.1.16-2.1_hppa.deb
          Size/MD5 checksum:    98890 3ef668d59181074f92fea4950c542762
    
      Motorola 680x0 architecture:
    
         http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.1.16-2.1_m68k.deb
          Size/MD5 checksum:    86096 aa83c891f83cea9e7742d845479a58e5
    
      Big endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.1.16-2.1_mips.deb
          Size/MD5 checksum:    97278 5d61799a00d95c6d5816c5e71e274408
    
      Little endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.1.16-2.1_mipsel.deb
          Size/MD5 checksum:    99622 d76f774f35fbb0b00f9e05e67015258e
    
      PowerPC architecture:
    
         http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.1.16-2.1_powerpc.deb
          Size/MD5 checksum:    91898 f07d6ad9f52b11c86cb647506b943581
    
      IBM S/390 architecture:
    
         http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.1.16-2.1_s390.deb
          Size/MD5 checksum:    90494 c09732ad8c400bb5d7f1a21a525395c9
    
      Sun Sparc architecture:
    
         http://security.debian.org/pool/updates/main/m/masqmail/masqmail_0.1.16-2.1_sparc.deb
          Size/MD5 checksum:    92568 01a43e7db6865c282e8dfb2ba64cc192
    
    
      These files will probably be moved into the stable distribution on
      its next revision.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb  http://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Package info: `apt-cache show ' and  http://packages.debian.org/
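
The wget/dpkg steps above install whatever was fetched. The following added example (not part of the Debian advisory) checks a downloaded file against the "Size/MD5 checksum" entry listed under its URL before it is handed to dpkg. It assumes the advisory text is saved locally and that `md5sum` is available; the function names and the demo file are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify a download against the advisory's own file list.

# expected_for ADVISORY FILENAME -> prints "SIZE MD5" for that file, or fails
expected_for() {
    awk -v want="$2" '
        # A URL line names the file that the next checksum line belongs to.
        $1 ~ /^(http|ftp):\/\// { n = split($1, p, "/"); cur = p[n]; next }
        /Size\/MD5 checksum:/ && cur == want { print $(NF-1), $NF; found = 1; exit }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# verify_download ADVISORY FILE -> 0 only if size and MD5 both match
verify_download() {
    advisory=$1 file=$2
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    exp=$(expected_for "$advisory" "$(basename "$file")") || {
        echo "no checksum entry for $(basename "$file")" >&2; return 2; }
    exp_size=${exp% *}
    exp_md5=${exp#* }
    act_size=$(wc -c < "$file" | tr -d ' ')
    act_md5=$(md5sum "$file" | cut -d' ' -f1)
    [ "$act_size" = "$exp_size" ] || { echo "size mismatch: $file" >&2; return 1; }
    [ "$act_md5" = "$exp_md5" ] || { echo "MD5 mismatch: $file" >&2; return 1; }
}

# Constructed demo: a stand-in file and an advisory entry generated for it.
demo() {
    d=$(mktemp -d) || return 1
    f="$d/example_1.0_all.deb"
    printf 'constructed package bytes\n' > "$f"
    printf '     http://example.invalid/pool/example_1.0_all.deb\n      Size/MD5 checksum: %8s %s\n' \
        "$(wc -c < "$f" | tr -d ' ')" "$(md5sum "$f" | cut -d' ' -f1)" > "$d/advisory.txt"
    verify_download "$d/advisory.txt" "$f"; rc=$?
    rm -rf "$d"
    return "$rc"
}

demo && echo "demo file verified"
# Intended use: verify_download advisory.txt file.deb && dpkg -i file.deb
```

The comparison catches truncated, corrupted or mismatched downloads; it is only as trustworthy as the copy of the advisory the checksums were read from.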
    
    
    
    