[linux-security] slrn buffer overflow



Topic
=====
buffer overflow in slrn allows execution of arbitrary code

Problem description
===================
There is a problem in the wrapping/unwrapping functions of the slrn
newsreader: a long header in a message might overflow a buffer, which
could result in the execution of arbitrary code encoded in the message.
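
The advisory does not show slrn's code. The following is an added example, not taken from slrn or from this advisory, of the bounds check that a header-unwrapping routine needs when it copies into a fixed-size buffer. The function name `unfold_header`, the buffer sizes and the sample header are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: unfold a header wrapped over continuation lines
 * (a line break followed by space or tab) into dst, writing at most
 * dstsize bytes including the terminating NUL. Returns 0 on success,
 * -1 on bad arguments or if the header did not fit (dst is truncated). */
int unfold_header(const char *src, char *dst, size_t dstsize)
{
    size_t out = 0;

    if (src == NULL || dst == NULL || dstsize == 0)
        return -1;

    while (*src != '\0') {
        char c = *src++;

        if (c == '\r' && *src == '\n')   /* CRLF counts as one line break */
            c = *src++;
        if (c == '\n') {
            if (*src != ' ' && *src != '\t')
                break;                   /* no continuation: header ends */
            while (*src == ' ' || *src == '\t')
                src++;                   /* collapse the fold ... */
            c = ' ';                     /* ... into a single space */
        }
        /* The check an unbounded copy lacks: always keep room for NUL. */
        if (out + 1 >= dstsize) {
            dst[out] = '\0';
            return -1;
        }
        dst[out++] = c;
    }
    dst[out] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample input, not a real message. */
    const char *hdr = "Subject: a wrapped\r\n\theader line\r\n";
    char big[64], small[16];

    printf("%d \"%s\"\n", unfold_header(hdr, big, sizeof big), big);
    printf("%d \"%s\" (%zu bytes kept)\n",
           unfold_header(hdr, small, sizeof small), small, strlen(small));
    return 0;
}
```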

Affected Systems
================
Systems with slrn versions prior to 0.9.6.3pl4 installed.

Solution
========
Upgrade to version 0.9.6.3pl4.

RedHat 6.x
rpm -Fvh slrn-0.9.6.4-0.6.i386.rpm slrn-pull-0.9.6.4-0.6.i386.rpm

RedHat 7.0
rpm -Fvh slrn-0.9.6.4-0.7.i386.rpm slrn-pull-0.9.6.4-0.7.i386.rpm

Debian 2.2 (potato)
Upgrade to slrn_0.9.6.2-9potato1_i386.deb

Mandrake 6.x, 7.0, 7.1
rpm -Fvh slrn-0.9.6.3-10.2mdk.i586.rpm slrn-pull-0.9.6.3-10.2mdk.i586.rpm

Mandrake 7.2
rpm -Fvh slrn-0.9.6.3-10.1mdk.i586.rpm slrn-pull-0.9.6.3-10.1mdk.i586.rpm