Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 530
Alerts This Week
Warning Icon 1 530

Debian 2.2: DSA-063-1 Critical: xinetd Buffer Overflow and Umask Issue

debian
Calendar Grey June 18, 2001
Debian Logo
Recent updates for xinetd address urgent security flaws, notably a dangerous buffer overflow and improper umask configurations for Debian systems.
A buffer overflow condition and insecure umask mode vulnerabilities have been fixed.

Summary

Package : xinetd
Problem type : change default umask
buffer overflow
Debian-specific: no

zen-parse reported on bugtraq that there is a possible buffer overflow
in the logging code from xinetd. This could be triggered by using a
fake identd that returns special replies when xinetd does an ident
request.

Another problem is that xinetd sets it umask to 0. As a result any
programs that xinetd start that are not careful with file permissions
will create world-writable files.

Both problems have been fixed in version 2.1.8.8.p3-1.1 .

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.


Debian GNU/Linux 2.2 alias potato
---------------------------------

Potato was released for alpha, arm, i386, m68k, powerpc and sparc.

Source archives:

MD5 checksum: 457150cded692f00e76c73c8ae7787d1

MD5 checksum: c3c9764680b907c382904aa1e5ba32b0

MD5 checksum: 5d1f4d5bab29d9e68dc8850b4cb90969

Alpha architecture:

...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.