LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: October 20th, 2014
Linux Advisory Watch: October 17th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: canna remote exploit Print E-mail
User Rating:      How can I rate this item?
Posted by LinuxSecurity.com Team   
Debian Buffer overflow has been fixed for Debian GNU/Linux 2.1
-----BEGIN PGP SIGNED MESSAGE-----

- ------------------------------------------------------------------------
Debian Security Advisory                             security@debian.org
http://www.debian.org/security/                         Wichert Akkerman
July  2, 2000
- ------------------------------------------------------------------------


Package        : canna
Problem type   : remote exploit
Debian-specific: no

The canna package as distributed in Debian GNU/Linux 2.1 can be
remotely exploited to gain access. This could be done by overflowing
a buffer by sending a SR_INIT command with a very long usernamd or
groupname.

This has been fixed in version 3.5b2-24slink1, and recommend that you
upgrade your canna package immediately.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 2.1 alias slink
- --------------------------------

  This version of Debian was released only for Intel, the Motorola
  680x0, the alpha and the Sun sparc architecture.

  The packages for the Sun sparc architecture are not available at
  this moment; they will be announced on http://security.debian.org/
  when they are.

  Source archives:
    http://security.debian.org/dists/stable/updates/source/canna_3.5b2-24slink1.diff.gz
      MD5 checksum: 7220bdad24aa3be2fdfc4f1bfd978235
    http://security.debian.org/dists/stable/updates/source/canna_3.5b2-24slink1.dsc
      MD5 checksum: b62f0558dc852ed61930157236622e3d
    http://security.debian.org/dists/stable/updates/source/canna_3.5b2.orig.tar.gz
      MD5 checksum: 5e1d8527d397c3914ce6104dac3db466

  Alpha architecture:
    http://security.debian.org/dists/stable/updates/binary-alpha/canna-utils_3.5b2-24slink1_alpha.deb
      MD5 checksum: b9318bb7dcb1936c3d16c54f8c799564
    http://security.debian.org/dists/stable/updates/binary-alpha/canna_3.5b2-24slink1_alpha.deb
      MD5 checksum: 1bcbbd1c4ad3146d66b2ca10b4914ccf
    http://security.debian.org/dists/stable/updates/binary-alpha/libcanna1g-dev_3.5b2-24slink1_alpha.deb
      MD5 checksum: 05df65c96e2adfc6d1cde593ef76ca33
    http://security.debian.org/dists/stable/updates/binary-alpha/libcanna1g_3.5b2-24slink1_alpha.deb
      MD5 checksum: b1e30d11faaccbf0014c42e56949c87c

  Intel ia32 architecture:
    http://security.debian.org/dists/stable/updates/binary-i386/canna-utils_3.5b2-24slink1_i386.deb
      MD5 checksum: 45705fd8a8d230d3dd0094707eb2fac3
    http://security.debian.org/dists/stable/updates/binary-i386/canna_3.5b2-24slink1_i386.deb
      MD5 checksum: c15a54507be2fc745d55718efbae4f74

  Motorola 680x0 architecture:
    http://security.debian.org/dists/stable/updates/binary-m68k/canna-utils_3.5b2-24slink1_m68k.deb
      MD5 checksum: aa0ef7ffe8ca29a99ba882513dd29888
    http://security.debian.org/dists/stable/updates/binary-m68k/canna_3.5b2-24slink1_m68k.deb
      MD5 checksum: 4069ed58591b44a5c670fd0a91e77ae1
    http://security.debian.org/dists/stable/updates/binary-m68k/libcanna1g-dev_3.5b2-24slink1_m68k.deb
      MD5 checksum: 005a4f8f6dbdafc1f1ccdc8443ddc8ad
    http://security.debian.org/dists/stable/updates/binary-m68k/libcanna1g_3.5b2-24slink1_m68k.deb
      MD5 checksum: 5aff2c0b7b089900faff113ce8a0abab


  These files will be moved into
  ftp://ftp.debian.org/debian/dists/stable/*/binary-$arch/ soon.

Debian GNU/Linux 2.2 alias potato
- ---------------------------------

  Please note that potato has not been released yet. However since it is in
  the final stages of the release process security updates are already being
  distributed.

  The updated packages for potato have already been installed in the
  archive. 

For not yet released architectures please refer to the appropriate
directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .

- -- 
- ----------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable updates
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates
Mailing list: debian-security-announce@lists.debian.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQB1AwUBOV9E7qjZR/ntlUftAQFv5QL9H3s/REAWPFBBj8XsAIQNUOWoqD3LhSXt
csdcD5gKmeV8QKsZsvmS819cq3IW7nF+ORJjgpNzKKkd0fRE1/9io1POqu5CjbAP
h82uUG1LRWMD9z/YY80wDtbzNuXQYygh
=ZphM
-----END PGP SIGNATURE-----
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Mobile Device Encryption Could Lead to a ‘Very, Very Dark Place’, FBI Director Says
What a hacker can learn about your life from the coffee shop’s Wi-Fi network
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.