LinuxSecurity.com
Debian: New nfs-user-server packages fix arbitrary code execution
Posted by Benjamin D. Thomas   
Marcus Meissner discovered that attackers can trigger a buffer overflow in the path handling code by creating or abusing existing symlinks, which may lead to the execution of arbitrary code.

This vulnerability isn't present in the kernel NFS server.

--------------------------------------------------------------------------
Debian Security Advisory DSA 975-1                     security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
February 15th, 2006                     http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : nfs-user-server
Vulnerability  : buffer overflow
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2006-0043
Debian Bug     : 350020

Marcus Meissner discovered that attackers can trigger a buffer overflow
in the path handling code by creating or abusing existing symlinks, which
may lead to the execution of arbitrary code.

This vulnerability isn't present in the kernel NFS server.

This update includes a bugfix for attribute handling of symlinks. This
fix does not have security implications, but at the time when this DSA
was prepared it was already queued for the next stable point release, so
we decided to include it beforehand.

For the old stable distribution (woody) this problem has been fixed in
version 2.2beta47-12woody1.

For the stable distribution (sarge) this problem has been fixed in
version 2.2beta47-20sarge2.

For the unstable distribution (sid) this problem has been fixed in
version 2.2beta47-22.

We recommend that you upgrade your nfs-user-server package.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
--------------------------------


Debian GNU/Linux 3.1 alias sarge
--------------------------------


  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
 