security advisorybuffer overflowdebian
A netris client connectingto an untrusted netris server could be sent an unusually long datapacket, which would be copied into a fixed-length buffer withoutbounds checking.. -------------------------------------------------------------------------- Debian Security Advisory DSA 372-1 This email address is being protected from spambots. You need JavaScript enabled to view it. Debian -- Security Information Matt Zimmerman August 16th, 2003 Debian -- Debian security FAQ -------------------------------------------------------------------------- Package : netris Vulnerability : buffer overflow Problem-Type : remote Debian-specific: no CVE Ids : CAN-2003-0685 Shaun Colley discovered a buffer overflow vulnerability in netris, a network version of a popular puzzle game. A netris client connecting to an untrusted netris server could be sent an unusually long data packet, which would be copied into a fixed-length buffer without bounds checking. This vulnerability could be exploited to gain the priviliges of the user running netris in client mode, if they connect to a hostile netris server. For the current stable distribution (woody) this problem has been fixed in version 0.5-4woody1. For the unstable distribution (sid) this problem is fixed in version 0.52-1. We recommend that you update your netris package. Upgrade Instructions -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody -------------------------------- Source archives: Size/MD5 checksum: 557 ddea827207a57825a7f55de3fd89265d Size/MD5 checksum: 6597dccb0e16492a67e3eb2c39b77c0a709f Size/MD5 checksum: 32737 a30c950fd4e4779a26f856bc7cd1aaff Alpha architecture: Size/MD5 checksum: 41918 e8c9b914878ad7fdbd8a6b52aa1338e3 ARM architecture: Size/MD5 checksum: 34106 52f38b272ba899c8fe0c5fd8a2fad457 Intel IA-32 architecture: Size/MD5 checksum: 32868 f0a6ae7b857d6236b89b214a8f484094 Intel IA-64 architecture: Size/MD5 checksum: 49624 1b82ed2df7b66f5b75a74b55d8496eb1 HP Precision architecture: Size/MD5 checksum: 38054 222c7bdcc91db0e781a9bcd0f0109c4d Motorola 680x0 architecture: Size/MD5 checksum: 32288 573dda83165f30e90bc19f7d505fe505 Big endian MIPS architecture: Size/MD5 checksum: 39082 8a70d7f21fa7ad7e59a69653ffcf1692 Little endian MIPS architecture: Size/MD5 checksum: 39408 88cfd65309ea4881689d4d032d5a7a35 PowerPC architecture: Size/MD5 checksum: 35646 318c4a91574885a5925a55b62f6b02ef IBM S/390 architecture: Size/MD5 checksum: 34712 e5dfb757ba51792a3b9aa51797583231 Sun Sparc architecture: Size/MD5 checksum: 41112 7a5216a9796fb4a7de0ef0faf5cc192a These files will probably be moved into the stable distribution on its next revision. . Severe vulnerability found in netris application threatens Debian devices to external threats. Immediate updates recommended to mitigate risk.. Netris Exploit, Debian Update, Remote Access Risk. . Severity: Medium. LinuxSecurity.com Team
Aug 17, 2003
•Medium
Debian
Refine advisories
