[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[linux-security] various Debian advisories



Topic
=====
remote root exploit in ethereal
incorrect suid flages for xmcd
/tmp-file vulnerability in elvis-tiny

Problem Description
===================
Ethereal contains a buffer overflow in the AFS packet parsing code.
An attacker can exploit those overflows by sending carefully crafted packets
to a network that is being monitored by ethereal.

The Debian GNU/Linux xmcd package installs two setuid
helpers for accessing cddb databases and SCSI cdrom drives.  More recently,
the package offered the administrator the chance to remove these setuid
flags, but did so incorrectly.
A buffer overflow in ncurses, linked to the "cda" binary, allowed a root
exploit.  Fixed ncurses packages have been released, as well as fixed
xmcd packages which do not install this binary with a setuid flag.
The problem is fixed in xmcd 2.5pl1-7.1.  You may need to add users of xmcd
to the "audio" and "cdrom" groups in order for them to continue using xmcd.

elvis-tiny creates temporary files with a predictable pattern and the
O_EXCL flag is not used when opening. This makes users of elvis-tiny
vulnerable to race conditions and/or data lossage.
This problem has been fixed in version 1.4-10.
This problem does not exist in the big elvis package.

Affected Systems
================
Debian

Not Affected
============
RedHat

Solution
========
Debian 2.2 (potato)
upgrade to ethereal_0.8.0-2potato_i386.deb
           cddb_2.5pl1-7.1_i386.deb
           xmcd_2.5pl1-7.1_i386.deb
           elvis-tiny_1.4-10_i386.deb