Debian: super Format string vulnerability

    Date: 19 Jun 2004
    Category: Debian
    Posted By: LinuxSecurity Advisories
    This vulnerability could potentially be exploited by a local user to execute arbitrary code with root privileges.
    
    Debian Security Advisory DSA 522-1
    http://www.debian.org/security/                             Matt Zimmerman
    June 19th, 2004                          http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : super
    Vulnerability  : format string
    Problem-Type   : remote
    Debian-specific: no
    CVE Ids        : CAN-2004-0579
    
    Max Vozeler discovered a format string vulnerability in super, a
    program to allow specified users to execute commands with root
    privileges.  This vulnerability could potentially be exploited by a
    local user to execute arbitrary code with root privileges.
    
    For the current stable distribution (woody), this problem has been
    fixed in version 3.16.1-1.2.
    
    For the unstable distribution (sid), this problem has been fixed
    in version 3.23.0-1.
    
    We recommend that you update your super package.
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
    
      Source archives:
    
         http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.2.dsc
          Size/MD5 checksum:      575 cac1a056bb9e19b1338819fc4b88562c
         http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.2.diff.gz
          Size/MD5 checksum:    10032 99656fad8f5c309f26a02e2ef55d7358
         http://security.debian.org/pool/updates/main/s/super/super_3.16.1.orig.tar.gz
          Size/MD5 checksum:   192062 cc868b2fc2b44c47d86da314a11acf0b
    
      Alpha architecture:
    
         http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.2_alpha.deb
          Size/MD5 checksum:   126800 06b6c023404345b2cf744dda440ffa05
    
      ARM architecture:
    
         http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.2_arm.deb
          Size/MD5 checksum:   115492 89f02438278dfb1c01d93d47be991d7a
    
      Intel IA-32 architecture:
    
         http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.2_i386.deb
          Size/MD5 checksum:   110300 357228adad26cd42db7f25c1634d8808
    
      Intel IA-64 architecture:
    
         http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.2_ia64.deb
          Size/MD5 checksum:   144430 2d72df2a9ec7322272e0c5966b0e5b7c
    
      HP Precision architecture:
    
         http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.2_hppa.deb
          Size/MD5 checksum:   124062 50ed0d3bc17633b2dcf01007ee7e035c
    
      Motorola 680x0 architecture:
    
         http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.2_m68k.deb
          Size/MD5 checksum:   108254 9cedd2b84c59a6666f7b8942ebde0597
    
      Big endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.2_mips.deb
          Size/MD5 checksum:   120728 a7ccfd46184977221d8fd0b1ec0ef7e5
    
      Little endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.2_mipsel.deb
          Size/MD5 checksum:   121174 77a234a605b57758fdbded86a533ce7f
    
      PowerPC architecture:
    
         http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.2_powerpc.deb
          Size/MD5 checksum:   116772 c190e00530ae034c0036a28b70cec5bd
    
      IBM S/390 architecture:
    
         http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.2_s390.deb
          Size/MD5 checksum:   114678 04d5d44dc5298d141851bb3ca939c5ea
    
      Sun Sparc architecture:
    
         http://security.debian.org/pool/updates/main/s/super/super_3.16.1-1.2_sparc.deb
          Size/MD5 checksum:   117518 5f5437d7e2879a1ead1916ee7d9453db
    
      These files will probably be moved into the stable distribution on
      its next revision.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb  http://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
    
    