Debian: radiusd-cistron buffer overflow vulnerability

    Date: 16 Jun 2003
    Category: Debian
    Posted By: LinuxSecurity Advisories
    radiusd-cistron contains a bug allowing a buffer overflow when a long NAS-Port attribute is received.
    
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 321-1
    http://www.debian.org/security/                             Matt Zimmerman
    June 13th, 2003                          http://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : radiusd-cistron
    Vulnerability  : buffer overflow
    Problem-Type   : remote
    Debian-specific: no
    
    radiusd-cistron contains a bug allowing a buffer overflow when a long
    NAS-Port attribute is received.  This could allow a remote attacker to
    execute arbitrary code with the privileges of the RADIUS daemon
    (usually root).
    
    For the stable distribution (woody) this problem has been fixed in
    version 1.6.6-1woody1.
    
    For the old stable distribution (potato), this problem will be fixed
    in a later advisory.
    
    For the unstable distribution (sid) this problem will be fixed soon.
    
    We recommend that you update your radiusd-cistron package.
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    Debian GNU/Linux 3.0 alias woody
    --------------------------------
    
      Source archives:
    
         http://security.debian.org/pool/updates/main/r/radiusd-cistron/radiusd-cistron_1.6.6-1woody1.dsc
          Size/MD5 checksum:      611 b6a3c69ca08b1f6984147e64f7ddcaab
         http://security.debian.org/pool/updates/main/r/radiusd-cistron/radiusd-cistron_1.6.6-1woody1.diff.gz
          Size/MD5 checksum:     4221 ad563e14d3f3da713973cd23e97dcef5
         http://security.debian.org/pool/updates/main/r/radiusd-cistron/radiusd-cistron_1.6.6.orig.tar.gz
          Size/MD5 checksum:   194154 16084870890fd2ec577dbe183b51a379
    
      Alpha architecture:
    
         http://security.debian.org/pool/updates/main/r/radiusd-cistron/radiusd-cistron_1.6.6-1woody1_alpha.deb
          Size/MD5 checksum:   262652 b541753d08f0d124a9f48133eeac381e
    
      ARM architecture:
    
         http://security.debian.org/pool/updates/main/r/radiusd-cistron/radiusd-cistron_1.6.6-1woody1_arm.deb
          Size/MD5 checksum:   235578 6277971c73bf52c22b5623f9131a8d9f
    
      Intel IA-32 architecture:
    
         http://security.debian.org/pool/updates/main/r/radiusd-cistron/radiusd-cistron_1.6.6-1woody1_i386.deb
          Size/MD5 checksum:   231960 9ca72ec922c0fd80e22d05a06176b265
    
      Intel IA-64 architecture:
    
         http://security.debian.org/pool/updates/main/r/radiusd-cistron/radiusd-cistron_1.6.6-1woody1_ia64.deb
          Size/MD5 checksum:   365566 ea7299686e6629039ecdf81abdebd5ee
    
      HP Precision architecture:
    
         http://security.debian.org/pool/updates/main/r/radiusd-cistron/radiusd-cistron_1.6.6-1woody1_hppa.deb
          Size/MD5 checksum:   235502 886c9f6006c80dcf3c4c5305c76411b7
    
      Motorola 680x0 architecture:
    
         http://security.debian.org/pool/updates/main/r/radiusd-cistron/radiusd-cistron_1.6.6-1woody1_m68k.deb
          Size/MD5 checksum:   225678 39c53545d15bb167550fd462a139fc35
    
      Big endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/r/radiusd-cistron/radiusd-cistron_1.6.6-1woody1_mips.deb
          Size/MD5 checksum:   246130 3d98988fb2128bc26735c1c5b7a41cde
    
      Little endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/r/radiusd-cistron/radiusd-cistron_1.6.6-1woody1_mipsel.deb
          Size/MD5 checksum:   245672 88e63e2d94973aa7e65176b81184ed80
    
      PowerPC architecture:
    
         http://security.debian.org/pool/updates/main/r/radiusd-cistron/radiusd-cistron_1.6.6-1woody1_powerpc.deb
          Size/MD5 checksum:   229238 eb1d0a109bb66e3d39c902f561779afc
    
      IBM S/390 architecture:
    
         http://security.debian.org/pool/updates/main/r/radiusd-cistron/radiusd-cistron_1.6.6-1woody1_s390.deb
          Size/MD5 checksum:   238530 396c1a07cc893b3d77a1ecfcbc0ee57a
    
      Sun Sparc architecture:
    
         http://security.debian.org/pool/updates/main/r/radiusd-cistron/radiusd-cistron_1.6.6-1woody1_sparc.deb
          Size/MD5 checksum:   248882 0e39dd1a1310e1afedc4d39e2b8d2794
    
    These files will probably be moved into the stable distribution on its
    next revision.
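
The upgrade steps above install whatever `wget` fetched. As an added example (not part of the Debian advisory), this Python script parses the advisory's `Size/MD5 checksum` listing and checks a downloaded file against it before `dpkg -i` is run. The function names and command-line usage are assumptions of this example; the two sample entries are copied from the listing above.

```python
import hashlib
import os
import re
import sys

# Two entries copied from the advisory's file listing, used as sample input.
ADVISORY_EXCERPT = """
     http://security.debian.org/pool/updates/main/r/radiusd-cistron/radiusd-cistron_1.6.6-1woody1.dsc
      Size/MD5 checksum:      611 b6a3c69ca08b1f6984147e64f7ddcaab
     http://security.debian.org/pool/updates/main/r/radiusd-cistron/radiusd-cistron_1.6.6-1woody1_i386.deb
      Size/MD5 checksum:   231960 9ca72ec922c0fd80e22d05a06176b265
"""

# One listing entry: a URL line followed by "Size/MD5 checksum: <bytes> <md5>".
ENTRY = re.compile(
    r"(?P<url>(?:http|ftp)://\S+)\s+"
    r"Size/MD5 checksum:\s+(?P<size>\d+)\s+(?P<md5>[0-9a-f]{32})"
)

def parse_listing(advisory_text):
    """Return {file name: (size in bytes, md5 hex)} for every listed file."""
    return {
        m["url"].rsplit("/", 1)[-1]: (int(m["size"]), m["md5"])
        for m in ENTRY.finditer(advisory_text)
    }

def verify_file(path, listing):
    """Return 'ok', 'unlisted', 'size-mismatch' or 'md5-mismatch'."""
    expected = listing.get(os.path.basename(path))
    if expected is None:
        return "unlisted"
    size, md5 = expected
    if os.path.getsize(path) != size:
        return "size-mismatch"  # cheap check first; catches truncated downloads
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return "ok" if digest.hexdigest() == md5 else "md5-mismatch"

if __name__ == "__main__":
    # Assumed usage: python verify_dsa.py advisory.txt file.deb [file.deb ...]
    with open(sys.argv[1]) as f:
        listing = parse_listing(f.read())
    results = {p: verify_file(p, listing) for p in sys.argv[2:]}
    for p, r in results.items():
        print(f"{r:14} {p}")
    sys.exit(0 if all(r == "ok" for r in results.values()) else 1)
```

A mismatch means the file is not the one the advisory describes; the listing is only as trustworthy as the copy of the advisory it was parsed from.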
    
    ---------------------------------------------------------------------------------
    For apt-get: deb  http://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Package info: `apt-cache show ' and  http://packages.debian.org/
    
    