
Debian 2.2: DSA-063-1 Critical: xinetd Buffer Overflow and Umask Issue

June 18, 2001
Recent updates for xinetd address urgent security flaws, notably a dangerous buffer overflow and improper umask configurations for Debian systems.
A buffer overflow condition and insecure umask mode vulnerabilities have been fixed.

Summary

Package : xinetd
Problem type : change default umask, buffer overflow
Debian-specific: no

zen-parse reported on bugtraq that there is a possible buffer overflow
in the logging code from xinetd. This could be triggered by using a
fake identd that returns special replies when xinetd does an ident
request.

Another problem is that xinetd sets its umask to 0. As a result, any
programs that xinetd starts that are not careful with file permissions
will create world-writable files.

Both problems have been fixed in version 2.1.8.8.p3-1.1.
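
The umask issue described above, as an added example (not code from xinetd or from the Debian advisory): a parent process sets its umask to 0 and forks a stand-in service that creates a file with mode 0666, which shows the mask being inherited and the effect of the service setting its own mask. The function names, the /tmp path and the 027 mask are assumptions made for the illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed stand-in for a service launched by a super-server. It asks for
 * mode 0666 and relies on the inherited umask to trim it. If fix_mask >= 0
 * the service sets its own umask first (the defensive pattern). */
static void service_body(const char *path, int fix_mask) {
    if (fix_mask >= 0)
        umask((mode_t)fix_mask);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0666);
    if (fd >= 0)
        close(fd);
    _exit(fd >= 0 ? 0 : 1);
}

/* Parent sets its umask to parent_mask (0 models the behaviour described in
 * the advisory), forks the service, and returns the permission bits of the
 * file the child created, or (mode_t)-1 on error. */
mode_t spawn_and_check(mode_t parent_mask, int fix_mask) {
    char path[64];
    snprintf(path, sizeof path, "/tmp/umask_demo_%ld", (long)getpid());
    unlink(path);                      /* clear any stale file from a prior run */

    mode_t saved = umask(parent_mask); /* child inherits this across fork() */
    pid_t pid = fork();
    if (pid == 0)
        service_body(path, fix_mask);
    umask(saved);
    if (pid < 0)
        return (mode_t)-1;

    int status;
    struct stat st;
    mode_t result = (mode_t)-1;
    if (waitpid(pid, &status, 0) == pid && WIFEXITED(status) &&
        WEXITSTATUS(status) == 0 && stat(path, &st) == 0)
        result = st.st_mode & 0777;
    unlink(path);
    return result;
}

int main(void) {
    printf("parent umask 0,   careless service: %04o\n", (unsigned)spawn_and_check(0, -1));
    printf("parent umask 022, careless service: %04o\n", (unsigned)spawn_and_check(022, -1));
    printf("parent umask 0,   service sets 027: %04o\n", (unsigned)spawn_and_check(0, 027));
    return 0;
}
```

A service that sets its own umask, or passes a restrictive mode to open(), gets safe permissions regardless of what the launching process left in place.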

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.


Debian GNU/Linux 2.2 alias potato
---------------------------------

Potato was released for alpha, arm, i386, m68k, powerpc and sparc.

Source archives:

MD5 checksum: 457150cded692f00e76c73c8ae7787d1

MD5 checksum: c3c9764680b907c382904aa1e5ba32b0

MD5 checksum: 5d1f4d5bab29d9e68dc8850b4cb90969

Alpha architecture:

...

Severity: critical