Debian: 'xpilot' Remote buffer overflow vulnerability

    Date17 Apr 2002
    CategoryDebian
    2546
    Posted ByLinuxSecurity Advisories
    This overflow can be abused by remote attackers to gain access tothe server under which the xpilot server is running.
    
    ------------------------------------------------------------------------
    Debian Security Advisory DSA-127-1                   This email address is being protected from spambots. You need JavaScript enabled to view it. 
    http://www.debian.org/security/ Wichert Akkerman
    April 17, 2002
    ------------------------------------------------------------------------
    
    
    Package        : xpilot
    Problem type   : remote buffer overflow
    Debian-specific: no
    
    An internal audit by the xpilot (a multi-player tactical manoeuvring
    game for X) maintainers revealed a buffer overflow in xpilot server.
    This overflow can be abused by remote attackers to gain access to
    the server under which the xpilot server is running.
    
    This has been fixed in upstream version 4.5.1 and version
    4.1.0-4.U.4alpha2.4.potato1 of the Debian package.
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    
    Debian GNU/Linux 2.2 alias potato
    ---------------------------------
    
      Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
      At this moment arm packages are not available yet.
    
      Source archives:
         http://security.debian.org/dists/stable/updates/main/source/xpilot_4.1.0-4.U.4alpha2.4.potato1.diff.gz
    MD5 checksum: 6c7aa5e06237d0848cc05c3f121d43f3
         http://security.debian.org/dists/stable/updates/main/source/xpilot_4.1.0-4.U.4alpha2.4.potato1.dsc
    MD5 checksum: 51c30a3a226f52e0f99ed5d656e42f37
         http://security.debian.org/dists/stable/updates/main/source/xpilot_4.1.0.orig.tar.gz
    MD5 checksum: 049f4e51d8f033911d3ce055b3b6b701
    
      Architecture independent archives:
         http://security.debian.org/dists/stable/updates/main/binary-all/xpilot_4.1.0-4.U.4alpha2.4.potato1_all.deb
    MD5 checksum: 05c17a8211111e576b8886d6dfd4e737
    
      Alpha architecture:
         http://security.debian.org/dists/stable/updates/main/binary-alpha/xpilot-client-nas_4.1.0-4.U.4alpha2.4.potato1_alpha.deb
    MD5 checksum: f506b1c9866c9585900351c10955dd43
         http://security.debian.org/dists/stable/updates/main/binary-alpha/xpilot-client-nosound_4.1.0-4.U.4alpha2.4.potato1_alpha.deb
    MD5 checksum: c45fd37746a572ca4d778a2f6e52dbc5
         http://security.debian.org/dists/stable/updates/main/binary-alpha/xpilot-client-rplay_4.1.0-4.U.4alpha2.4.potato1_alpha.deb
    MD5 checksum: 3950b11932d57fb3ae72d1d5621d7f05
         http://security.debian.org/dists/stable/updates/main/binary-alpha/xpilot-server_4.1.0-4.U.4alpha2.4.potato1_alpha.deb
    MD5 checksum: a66b89463d42a6975df899fa130470f8
    
      Intel IA-32 architecture:
         http://security.debian.org/dists/stable/updates/main/binary-i386/xpilot-client-nas_4.1.0-4.U.4alpha2.4.potato1_i386.deb
    MD5 checksum: f0d1306de990f6160ba5cc3e1580b2b2
         http://security.debian.org/dists/stable/updates/main/binary-i386/xpilot-client-nosound_4.1.0-4.U.4alpha2.4.potato1_i386.deb
    MD5 checksum: 28b1c0e638e142f93eb2af7ca71f80d5
         http://security.debian.org/dists/stable/updates/main/binary-i386/xpilot-client-rplay_4.1.0-4.U.4alpha2.4.potato1_i386.deb
    MD5 checksum: 4bb509a8a5711bc570c9e2645b926a35
         http://security.debian.org/dists/stable/updates/main/binary-i386/xpilot-server_4.1.0-4.U.4alpha2.4.potato1_i386.deb
    MD5 checksum: b2c7cf184d6ff9b9b52e7e5a324ff3d7
    
      Motorola 680x0 architecture:
         http://security.debian.org/dists/stable/updates/main/binary-m68k/xpilot-client-nas_4.1.0-4.U.4alpha2.4.potato1_m68k.deb
    MD5 checksum: dbac533733306578fdc22c585c1e55e6
         http://security.debian.org/dists/stable/updates/main/binary-m68k/xpilot-client-nosound_4.1.0-4.U.4alpha2.4.potato1_m68k.deb
    MD5 checksum: d8d9414db73b3088330755a7d561ac5d
         http://security.debian.org/dists/stable/updates/main/binary-m68k/xpilot-client-rplay_4.1.0-4.U.4alpha2.4.potato1_m68k.deb
    MD5 checksum: 84ec746bc1c1e816448e10868981794d
         http://security.debian.org/dists/stable/updates/main/binary-m68k/xpilot-server_4.1.0-4.U.4alpha2.4.potato1_m68k.deb
    MD5 checksum: ae66ef2a10d456761541c135bf88fb16
    
      PowerPC architecture:
         http://security.debian.org/dists/stable/updates/main/binary-powerpc/xpilot-client-nas_4.1.0-4.U.4alpha2.4.potato1_powerpc.deb
    MD5 checksum: 49cc8ed07762238a86369190e76dad69
         http://security.debian.org/dists/stable/updates/main/binary-powerpc/xpilot-client-nosound_4.1.0-4.U.4alpha2.4.potato1_powerpc.deb
    MD5 checksum: cb0ec5bcf0895efb66f403cafa55d65b
         http://security.debian.org/dists/stable/updates/main/binary-powerpc/xpilot-client-rplay_4.1.0-4.U.4alpha2.4.potato1_powerpc.deb
    MD5 checksum: 98b99485dddf88297de54d3cf9af57b0
         http://security.debian.org/dists/stable/updates/main/binary-powerpc/xpilot-server_4.1.0-4.U.4alpha2.4.potato1_powerpc.deb
    MD5 checksum: 256bb2bdfad21832a159570239900da5
    
      Sun Sparc architecture:
         http://security.debian.org/dists/stable/updates/main/binary-sparc/xpilot-client-nas_4.1.0-4.U.4alpha2.4.potato1_sparc.deb
    MD5 checksum: c496e49126d1e2b6991ffbd1c131f5c9
         http://security.debian.org/dists/stable/updates/main/binary-sparc/xpilot-client-nosound_4.1.0-4.U.4alpha2.4.potato1_sparc.deb
    MD5 checksum: 507b9fbda3656835a068f86594aaf8bb
         http://security.debian.org/dists/stable/updates/main/binary-sparc/xpilot-client-rplay_4.1.0-4.U.4alpha2.4.potato1_sparc.deb
    MD5 checksum: d47eb85feb092c653e367fcd348600b1
         http://security.debian.org/dists/stable/updates/main/binary-sparc/xpilot-server_4.1.0-4.U.4alpha2.4.potato1_sparc.deb
    MD5 checksum: 8658a59cc18ba83ba84304df0ecbbfec
    
      These packages will be moved into the stable distribution on its next
      revision.
    
    --
    ----------------------------------------------------------------------------
    apt-get: deb  http://security.debian.org/ stable/updates main
    dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    
    
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"8","type":"x","order":"1","pct":61.54,"resources":[]},{"id":"88","title":"Should be more technical","votes":"3","type":"x","order":"2","pct":23.08,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"2","type":"x","order":"3","pct":15.38,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.