------------------------------------------------------------------------
Debian Security Advisory DSA-1398-1                security@debian.org
http://www.debian.org/security/                         Noah Meyerhans
November 05, 2007                   http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : perdition
Vulnerability  : format string error
Problem type   : remote
Debian-specific: no
CVE Id(s)      : CVE-2007-5740
Debian Bug     : 448853

Bernhard Mueller of SEC Consult has discovered a format string
vulnerability in perdition, an IMAP proxy.  This vulnerability could
allow an unauthenticated remote user to run arbitrary code on the
perdition server by providing a specially formatted IMAP tag.
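
The class of bug described above, as an added illustration (not perdition source code and not part of the original advisory): a client-controlled IMAP tag must only ever be passed as data to a constant format string, and since RFC 3501 tag syntax excludes '%', strict tag validation is a useful second check. All function names are hypothetical and the sample tags are constructed.

```c
/* Added illustration, not perdition source; all names are hypothetical. */
#include <stdio.h>
#include <string.h>

/* RFC 3501: tag = 1*<any ASTRING-CHAR except "+">. That excludes CTLs, SP,
 * 8-bit bytes and ( ) { % * " \ so a well-formed tag never contains '%'. */
int imap_tag_is_valid(const char *tag)
{
    if (tag == NULL || *tag == '\0')
        return 0;
    for (const unsigned char *p = (const unsigned char *)tag; *p; p++) {
        if (*p <= 0x20 || *p >= 0x7f)      /* CTL, SP, DEL or 8-bit */
            return 0;
        if (strchr("(){%*\"\\+", *p))      /* atom-specials and '+' */
            return 0;
    }
    return 1;
}

/* Unsafe pattern, shown only as a comment: the client-supplied tag is part
 * of the format argument, so any conversion in it is interpreted:
 *     snprintf(out, outlen, line_built_from_tag);
 * Safe pattern: constant format string, tag passed strictly as data.
 * Returns the length written, or -1 on error or truncation. */
int format_tagged_response(char *out, size_t outlen,
                           const char *tag, const char *text)
{
    int n = snprintf(out, outlen, "%s %s\r\n", tag, text);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

/* Defence in depth: a malformed tag is never echoed; the client gets an
 * untagged BAD response instead (a design choice for this sketch). */
int reply_to_command(char *out, size_t outlen, const char *tag)
{
    if (!imap_tag_is_valid(tag))
        return format_tagged_response(out, outlen, "*", "BAD invalid tag");
    return format_tagged_response(out, outlen, tag, "OK completed");
}

int main(void)
{
    char buf[128];
    const char *samples[] = { "A001", "a%x%x" };   /* constructed input */
    for (size_t i = 0; i < 2; i++)
        if (reply_to_command(buf, sizeof buf, samples[i]) > 0)
            fputs(buf, stdout);
    return 0;
}
```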

For the stable distribution (etch), this problem has been fixed in
version 1.17-7etch1

For the old stable distribution (sarge), this problem has been fixed in
version 1.15-5sarge1

We recommend that you upgrade your perdition package.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian 3.1 (oldstable)
----------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.

Debian 4.0 (stable)
-------------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp:  dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

Debian: New perdition packages fix arbitrary code execution
