1. Topic:
There are several buffer overruns in the mars_nwe package.

2. Bug IDs fixed:
5002

3. Relevant releases/architectures:
Red Hat Linux 6.0, all architectures

4. Obsoleted by:
None

5. Conflicts with:
None

6. RPMs required:

Intel:

mars- nwe-0.99pl17-4.i386.rpm

Alpha:

mars-nwe-0.99pl17-4.alpha.rpm

SPARC:

mars-nwe-0.99pl17-4.sparc.rpm

Source:

mars- nwe-0.99pl17-4.src.rpm

Architecture neutral:

7. Problem description:
Buffer overflows are present in the mars_nwe package. Since the code that contains these overflows is run as root, a local root compromise is possible if users create carefully designed directories and/or bindery objects.

A sample exploit has been made available.

Thanks go to Przemyslaw Frasunek (This email address is being protected from spambots. You need JavaScript enabled to view it.) and Babcia Padlina Ltd. for noting the problem and providing a patch.

8. Solution:
For each RPM for your particular architecture, run:

rpm -Uvh filename

where filename is the name of the RPM.

9. Verification:

 MD5 sum                           Package Name

 -------------------------------------------------------------------------
adbd809d9de3d22fed637bcf56ede66f  i386/mars-nwe-0.99pl17-4.i386.rpm
729f888a3c1ebb87bcf04c204bf7b9dc  alpha/mars-nwe-0.99pl17-4.alpha.rpm
bf73f67c225c2edce4d7ee52b5796803  sparc/mars-nwe-0.99pl17-4.sparc.rpm
b9c61129b2e04d25c48863ededc35568  SRPMS/mars-nwe-0.99pl17-4.src.rpm






 

You can verify each package with the following command:

rpm --checksig filename

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

rpm --checksig --nopgp filename

10. References:
Bugtraq ID: 617 <This email address is being protected from spambots. You need JavaScript enabled to view it.>