Debian: New xmcd packages fix denial of service

    Date02 Jun 2006
    CategoryDebian
    5245
    Posted ByLinuxSecurity Advisories
    The xmcdconfig creates directories world-writeable allowing local users to fill the /usr and /var partition and hence cause a denial of service. This problem has been half-fixed since version 2.3-1.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 1086-1                    This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                             Martin Schulze
    June 2nd, 2006                          http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : xmcd
    Vulnerability  : design flaw
    Problem type   : local
    Debian-specific: no
    CVE ID         : CVE-2006-2542
    Debian Bug     : 366816
    
    The xmcdconfig creates directories world-writeable allowing local
    users to fill the /usr and /var partition and hence cause a denial of
    service.  This problem has been half-fixed since version 2.3-1.
    
    For the old stable distribution (woody) this problem has been fixed in
    version 2.6-14woody1.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 2.6-17sarge1.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 2.6-18.
    
    We recommend that you upgrade your xmcd package.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given at the end of this advisory:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1.dsc
          Size/MD5 checksum:      619 42038224877b80e57969e82e14a6ee5a
        http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1.diff.gz
          Size/MD5 checksum:    19169 3144b9f7dc78b1a0a668eff06ded3b08
        http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6.orig.tar.gz
          Size/MD5 checksum:   553934 ce3208e21d8e37059e44ce9310d08f5f
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_alpha.deb
          Size/MD5 checksum:    65648 d4beba33b15cdef57c315666e9dbeaf3
        http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_alpha.deb
          Size/MD5 checksum:   458520 da2013cefff5009ed770397ea7cf23fe
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_arm.deb
          Size/MD5 checksum:    60464 2a9f06c9a2f888ea56ac62bdfe2eb05e
        http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_arm.deb
          Size/MD5 checksum:   378038 932f832766a947aac29d9b40f2f8a026
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_i386.deb
          Size/MD5 checksum:    58970 506435aef6b9a12c0715e73dea67eefd
        http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_i386.deb
          Size/MD5 checksum:   324960 2eba0f70812dada62ec2fb3f3b054318
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_ia64.deb
          Size/MD5 checksum:    66140 6d3eff9fdf1d9c6052c9554bc4dd584a
        http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_ia64.deb
          Size/MD5 checksum:   543700 dce5ff73c754b4425fe642117a52f5fa
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_hppa.deb
          Size/MD5 checksum:    60954 f48d59a10a2891bdb1842da42fe0b0f4
        http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_hppa.deb
          Size/MD5 checksum:   406294 2b12245768fce9c5f57cc4a8818ea1be
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_m68k.deb
          Size/MD5 checksum:    58890 ce57236e978ed6310d23cf1cfede3224
        http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_m68k.deb
          Size/MD5 checksum:   309832 0de1924af1c4981505849da8e6b8c7af
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_mips.deb
          Size/MD5 checksum:    61476 8a4dcea7adbfb4a1c3294a2622e05d15
        http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_mips.deb
          Size/MD5 checksum:   377170 91d622c19970fe0dcda24f63e85c7350
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_mipsel.deb
          Size/MD5 checksum:    61436 27eaa3e4c2365f2e4b49c526acc3df00
        http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_mipsel.deb
          Size/MD5 checksum:   378122 c9b63596911f83c72a4c9b7fbd01abf0
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_powerpc.deb
          Size/MD5 checksum:    60998 74e9b62e02f69db4dfedab57100904dd
        http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_powerpc.deb
          Size/MD5 checksum:   364402 28547836494d0142a84c2bf58888c6bf
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_s390.deb
          Size/MD5 checksum:    59818 8d3d1ca6ff1fd1ceb32c42b73d4fe3bb
        http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_s390.deb
          Size/MD5 checksum:   347966 dd3cc13ee026156516f315b77cb1f06b
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_sparc.deb
          Size/MD5 checksum:    62724 597ddc3fe6e1c56a3ecb78e2b46c7fd4
        http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_sparc.deb
          Size/MD5 checksum:   361214 e93e33fe714c4b5429eb7a2bce8ba0ea
    
    
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1.dsc
          Size/MD5 checksum:      619 25a530a0383c4ab2cbc2d23a6c95d5f2
        http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1.diff.gz
          Size/MD5 checksum:    20482 d9ce89eebe6f068df0c1d49eacc0bb4b
        http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6.orig.tar.gz
          Size/MD5 checksum:   553934 ce3208e21d8e37059e44ce9310d08f5f
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_alpha.deb
          Size/MD5 checksum:    62480 d99e5ad3da64edbfbc6a9e5c610683e1
        http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_alpha.deb
          Size/MD5 checksum:   452252 19bf881ff9a11a1d398d97ef2158f07c
    
      AMD64 architecture:
    
        http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_amd64.deb
          Size/MD5 checksum:    60974 d14a6718ad2f95983d0af699aa585df2
        http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_amd64.deb
          Size/MD5 checksum:   375978 1064343cbef2794c637ce6431935280b
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_arm.deb
          Size/MD5 checksum:    60052 870eb636eb62c6b3d5fc310d82e9ae2c
        http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_arm.deb
          Size/MD5 checksum:   363752 cf23e90fa86d845a66c297a12de2c887
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_i386.deb
          Size/MD5 checksum:    59976 95f0064a7b485df46d6275e3ba98b28e
        http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_i386.deb
          Size/MD5 checksum:   347032 2e5dfd037ca6a7d7e7ef77fa5b3cdd6a
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_ia64.deb
          Size/MD5 checksum:    64146 9cf8c9c4c9aa5a6bf8da06ff9079e4df
        http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_ia64.deb
          Size/MD5 checksum:   521072 6759905bab7f05d9cba71fa19b7b971d
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_hppa.deb
          Size/MD5 checksum:    61618 578d619050afd48ba63fbb103a443673
        http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_hppa.deb
          Size/MD5 checksum:   399428 b7c61aa93ff2efd42cb4375940b675df
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_m68k.deb
          Size/MD5 checksum:    59428 a95f8b6d48635de344faf79d8dce01f5
        http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_m68k.deb
          Size/MD5 checksum:   311534 313f9f8e4db059b0c58bc37ef61fe6cd
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_mips.deb
          Size/MD5 checksum:    61656 35c929f75f4ab0989ab7fe94afe08a3d
        http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_mips.deb
          Size/MD5 checksum:   379520 57b63417bfb1d07afb79767268e56022
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_mipsel.deb
          Size/MD5 checksum:    61688 63b48f033d11adeb78d933e36ad0a904
        http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_mipsel.deb
          Size/MD5 checksum:   381286 0e05464ae0243e4c6abfa50d21bf032c
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_powerpc.deb
          Size/MD5 checksum:    60740 5bfc0950afeb05321af3623f90b015e4
        http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_powerpc.deb
          Size/MD5 checksum:   372902 e1706bbfe5c2e920465f339824c3639a
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_s390.deb
          Size/MD5 checksum:    60742 95dcd70b6713309c6f0d57017b024ed7
        http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_s390.deb
          Size/MD5 checksum:   364676 0e28c9bf8c98276469af3b7a906f9c39
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_sparc.deb
          Size/MD5 checksum:    59944 6057d32cd180068884fa63923163cc92
        http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_sparc.deb
          Size/MD5 checksum:   354052 51387f66a75f9ab56fa036b970ace931
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"25","type":"x","order":"1","pct":54.35,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":10.87,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"16","type":"x","order":"3","pct":34.78,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.