Linux Security

    Debian: www-sql Buffer overflow vulnerability

    Exploiting this vulnerability, a local user could cause the execution of arbitrary code by creating a web page and processing it with www-sql.
    Debian Security Advisory DSA 523-1                                        Matt Zimmerman
    June 19th, 2004                
    - --------------------------------------------------------------------------
    Package        : www-sql
    Vulnerability  : buffer overflow
    Problem-Type   : local
    Debian-specific: no
    CVE Ids        : CAN-2004-0455

    Ulf Härnhammar discovered a buffer overflow vulnerability in www-sql,
    a CGI program which enables the creation of dynamic web pages by
    embedding SQL statements in HTML.  By exploiting this
    vulnerability, a local user could cause the execution of arbitrary
    code by creating a web page and processing it with www-sql.

    For the current stable distribution (woody), this problem has been
    fixed in version 0.5.7-17woody1.

    For the unstable distribution (sid), this problem will be fixed soon.

    We recommend that you update your www-sql package.

    Upgrade Instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 3.0 alias woody
    - --------------------------------
      These files will probably be moved into the stable distribution on
      its next revision.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Package info: `apt-cache show ' and

