Debian: 'wmaker' buffer overflow vulnerability
Posted by LinuxSecurity.com Team   
The code that handles titles in the window list menu did not check the length of the title when copying it to a buffer.

------------------------------------------------------------------------
Debian Security Advisory DSA-074-1                   security@debian.org 
http://www.debian.org/security/                         Wichert Akkerman
August 12, 2001
------------------------------------------------------------------------


Package        : wmaker
Problem type   : buffer overflow
Debian-specific: no

Alban Hertroys found a buffer overflow in Window Maker (a popular window
manager for X). The code that handles titles in the window list menu did
not check the length of the title when copying it to a buffer. Since
applications will set the title using untrusted data (for example web
browsers will set the title of their window to the title of the web-page
being shown) this could be exploited remotely.

This has been fixed in version 0.61.1-4.1 of the Debian package, and
upstream version 0.65.1.
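
The class of bug described above, as an added illustration that is not Window Maker's code and is not part of the advisory: an unchecked copy of a window title into a fixed buffer, next to a bounded copy that truncates and reports it. The function names and the 64-byte buffer size are assumptions chosen for the example.

```c
#include <stdio.h>
#include <string.h>

#define MENU_LABEL_MAX 64 /* assumed size for illustration, not Window Maker's */

/* The unsafe pattern the advisory describes: the title length is never
 * compared with the destination size, so a long title writes past buf. */
void menu_label_unchecked(char *buf, const char *title)
{
    strcpy(buf, title);
}

/* Hardened form: the destination size is a parameter, the copy is bounded and
 * always NUL-terminated. Returns 0 if the title fit, 1 if it was truncated,
 * -1 on invalid arguments. */
int menu_label_checked(char *buf, size_t buflen, const char *title)
{
    size_t n;
    if (buf == NULL || buflen == 0 || title == NULL)
        return -1;
    n = strlen(title);
    if (n >= buflen) {
        memcpy(buf, title, buflen - 1);
        buf[buflen - 1] = '\0';
        return 1;
    }
    memcpy(buf, title, n + 1);
    return 0;
}

/* Builds a constructed title of `len` bytes (standing in for a title set from
 * untrusted data), runs the checked copy, and returns the label length. */
size_t demo_label_len(size_t len)
{
    char title[1024], label[MENU_LABEL_MAX];
    if (len >= sizeof title)
        len = sizeof title - 1;
    memset(title, 'A', len);
    title[len] = '\0';
    menu_label_checked(label, sizeof label, title);
    return strlen(label);
}

int main(void)
{
    printf("short: %zu, long: %zu\n", demo_label_len(10), demo_label_len(500));
    return 0;
}
```

The checked variant cuts at a byte boundary, so a multi-byte title may need its final partial character trimmed before display.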

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.


Debian GNU/Linux 2.2 alias potato
---------------------------------

  Potato was released for alpha, arm, i386, m68k, powerpc and sparc.

  These packages will be moved into the stable distribution on its next
  revision.

For not yet released architectures please refer to the appropriate
directory  ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .

--
----------------------------------------------------------------------------
apt-get: deb  http://security.debian.org/ stable/updates main
dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org


