RH6.0: mars_nwe (RHSA-1999:037-01)
Posted by LinuxSecurity.com Team   
RedHat Linux There are several buffer overruns in the mars_nwe package.
 
Red Hat, Inc. Security Advisory
Package mars_nwe

Synopsis Buffer overflow in mars_nwe

Advisory ID RHSA-1999:037-01

Issue Date 1999-09-13

Updated on

Keywords mars_nwe buffer



1. Topic:
There are several buffer overruns in the mars_nwe package.

2. Bug IDs fixed:
5002

3. Relevant releases/architectures:
Red Hat Linux 6.0, all architectures

4. Obsoleted by:
None

5. Conflicts with:
None

6. RPMs required:

Intel:

ftp://updates.Red Hat.com/6.0/i386/

mars- nwe-0.99pl17-4.i386.rpm

Alpha:

ftp://updates.Red Hat.com/6.0/alpha

mars-nwe-0.99pl17-4.alpha.rpm

SPARC:

ftp://updates.Red Hat.com/6.0/sparc

mars-nwe-0.99pl17-4.sparc.rpm

Source:

ftp://updates.Red Hat.com/6.0/SRPMS

mars- nwe-0.99pl17-4.src.rpm

Architecture neutral:

ftp://updates.Red Hat.com/6.0/noarch/

7. Problem description:
Buffer overflows are present in the mars_nwe package. Since the code that contains these overflows is run as root, a local root compromise is possible if users create carefully designed directories and/or bindery objects.

A sample exploit has been made available.

Thanks go to Przemyslaw Frasunek (secure@freebsdf.lublin.pl) and Babcia Padlina Ltd. for noting the problem and providing a patch.

8. Solution:
For each RPM for your particular architecture, run:

rpm -Uvh filename

where filename is the name of the RPM.

9. Verification:


 MD5 sum                           Package Name

 -------------------------------------------------------------------------
adbd809d9de3d22fed637bcf56ede66f  i386/mars-nwe-0.99pl17-4.i386.rpm
729f888a3c1ebb87bcf04c204bf7b9dc  alpha/mars-nwe-0.99pl17-4.alpha.rpm
bf73f67c225c2edce4d7ee52b5796803  sparc/mars-nwe-0.99pl17-4.sparc.rpm
b9c61129b2e04d25c48863ededc35568  SRPMS/mars-nwe-0.99pl17-4.src.rpm






 
These packages are also PGP signed by Red Hat Inc. for security. Our key is available at: http://www.Red Hat.com/corp/contac t.html

You can verify each package with the following command:

rpm --checksig filename

If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command:

rpm --checksig --nopgp filename

10. References:
Bugtraq ID: 617 <19990830200449.54656.qmail@lagoon.FreeBSD.lublin.pl>