Debian: Critical Risk 2000-0025 - Remote Code Execution from Package Issues
debian
July 27, 2000
It might be possible for local usersto abuse this to carry out unauthorised actions or be able to takecontrol for service user accounts.
Topics Covered
Summary
Package : userv
Problem type : local exploit
Debian-specific: no
The version of userv that was distributed with Debian GNU/Linux 2.1 / slink
had a problem in the fd swapping algorithm: it could sometimes make an
out-of-bounds array reference. It might be possible for local usersto abuse this to carry out unauthorised actions or be able to take
control for service user accounts.
This has been fixed in version 1.0.1.0slink for Debian 2.1, and
version 1.0.1.1potato for Debian 2.2 .
We recommend you upgrade your uesrv package immediately.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.1 alias slink
This version of Debian was released only for Intel, the Motorola
680x0, the alpha and the Sun sparc architecture.
Source archives:
MD5 checksum: 473a8fe477d20614aad97f538896969a
MD5 checksum: 40b052547e2ea9fa69a12ee24dfe2af7
Alpha architecture:
MD5 checksum: 4934d1163e2e5fbb2d74d5a94908...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!