Debian: 2.2 Potato DSA 050-1 Critical: Local Sendfile Exploit
debian
April 19, 2001
Colin Phipps and Daniel Kobras discovered and fixed several seriousbugs in the saft daemon `sendfiled' which caused it to drop privilegesincorrectly
Topics Covered
Summary
Colin Phipps and Daniel Kobras discovered and fixed several serious
bugs in the saft daemon `sendfiled' which caused it to drop privileges
incorrectly. Exploiting this a local user can easily make it execute
arbitrary code under root privileges.
We recommend you upgrade your sendfile packages immediately.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 2.2 alias potato
------------------------------------
Potato was released for the alpha, arm, i386, m68k, powerpc and sparc
architectures.
Source archives:
MD5 checksum: b5ba5230deef00b0cf815cb79edd5033
MD5 checksum: 48e5cc3435e2432e41299c31bb08f1a4
MD5 checksum: cff003126595d8e77143c42ef898dc10
Alpha architecture:
MD5 checksum: df6c0c2d24eeb20d8d4ca7ccce295f4f
ARM architecture:
MD5 checksum: cecd8e7489dfc4b663e3d99...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: sendfile
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!