From: UNIRAS (UK Govt CERT) [uniras@niscc.gov.uk]
Sent: 30 September 2003 15:37
To: uniras@niscc.gov.uk
Cc: interim@lists.niscc.gov.uk
Subject: UNIRAS Brief - 547/03 - Debian - local buffer overflow vulnerability in freesweep

-----BEGIN PGP SIGNED MESSAGE-----

- ----------------------------------------------------------------------------------
UNIRAS (UK Govt CERT) Briefing Notice - 547/03 dated 30.09.03  Time: 16:00
UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ----------------------------------------------------------------------------------
UNIRAS material is also available from its website at www.uniras.gov.uk and
Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------

Title
=====

Debian Security Advisory: local buffer overflow vulnerability in freesweep

Detail
======

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 391-1                     security@debian.org
http://www.debian.org/security/                             Matt Zimmerman
September 28th, 2003                    http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package        : freesweep
Vulnerability  : buffer overflow
Problem-Type   : local
Debian-specific: no
CVE Ids        : CAN-2003-0828

Steve Kemp discovered a buffer overflow in freesweep, when processing
several environment variables. This vulnerability could be exploited by
a local user to gain gid 'games'.

For the current stable distribution (woody) this problem has been fixed in
version 0.88-4woody1.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you update your freesweep package.

Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- - --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/f/freesweep/freesweep_0.88-4woody1.dsc
      Size/MD5 checksum:      604 3b4fcb708f68923f54b4e6e9a75cdf2f
    http://security.debian.org/pool/updates/main/f/freesweep/freesweep_0.88-4woody1.diff.gz
      Size/MD5 checksum:    23476 8aa97d3f8d182be549621937a1de34a7
    http://security.debian.org/pool/updates/main/f/freesweep/freesweep_0.88.orig.tar.gz
      Size/MD5 checksum:    72711 cfcbe96ee572d4e737da3166f20c3f85

  Alpha architecture:

    http://security.debian.org/pool/updates/main/f/freesweep/freesweep_0.88-4woody1_alpha.deb
      Size/MD5 checksum:    41584 a80ee65d7609074a5fd0bb72a89d35c8

  ARM architecture:

    http://security.debian.org/pool/updates/main/f/freesweep/freesweep_0.88-4woody1_arm.deb
      Size/MD5 checksum:    35648 42e0fea755cf1de15b96b6441bbca232

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/f/freesweep/freesweep_0.88-4woody1_i386.deb
      Size/MD5 checksum:    35920 f4d5a64504e5f47aecd81178826c9386

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/f/freesweep/freesweep_0.88-4woody1_ia64.deb
      Size/MD5 checksum:    49758 b85c448dc51c6abf177287064e458ec2

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/f/freesweep/freesweep_0.88-4woody1_hppa.deb
      Size/MD5 checksum:    40832 da4299857ed94f24e99581fc8aa7c55b

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/f/freesweep/freesweep_0.88-4woody1_m68k.deb
      Size/MD5 checksum:    33690 edf0a457199e07e44c3c7b787ab50466

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/f/freesweep/freesweep_0.88-4woody1_mips.deb
      Size/MD5 checksum:    37940 2a33af6b5b6fc76e67708768492d4e10

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/f/freesweep/freesweep_0.88-4woody1_mipsel.deb
      Size/MD5 checksum:    37982 3a106328946d6115590228df1112e8b3

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/f/freesweep/freesweep_0.88-4woody1_powerpc.deb
      Size/MD5 checksum:    36332 03da264cc52ea053cfa19c96ee0a56dd

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/f/freesweep/freesweep_0.88-4woody1_s390.deb
      Size/MD5 checksum:    36576 25ba7c0f70f83c2081b7b47a74b3b579

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/f/freesweep/freesweep_0.88-4woody1_sparc.deb
      Size/MD5 checksum:    38638 f59794b6e93379516b6a2b979b4a2db8

  These files will probably be moved into the stable distribution on
  its next revision.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/duzXArxCt0PiXR4RAn32AKCv+h9NNYR3R2dyCrSVd3AKAN4NtQCfSo9n
qVYmZKquLntrIjwKEA7XVJ4=
=+tcG
- -----END PGP SIGNATURE-----
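The advisory above names the bug class (a buffer overflow while processing environment variables, in a program that runs with gid 'games') but carries no code. The following is an editor-added illustration of that class, not freesweep's source: a setgid-style program copying an environment value into a fixed-size stack buffer with strcpy(), next to a bounds-checked replacement that rejects values that do not fit and falls back to a built-in default. The environment variable name GAME_PLAYER, the buffer size BUF_SZ and all function names are assumptions chosen for the example. The point to take away is that in a setgid binary every byte of the environment is attacker-controlled input, so the copy must be bounded by the destination, not by the source.

```c
/*
 * Editor-added illustration, not freesweep's code: a setgid program that
 * copies environment-variable values into fixed-size stack buffers, and a
 * bounds-checked replacement. The variable name, buffer size and function
 * names below are assumptions chosen for the example.
 */
#define _POSIX_C_SOURCE 200809L   /* for setenv()/unsetenv() in callers */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_SZ 64   /* assumed buffer size; real programs vary */

/* Vulnerable pattern: strcpy() trusts the caller-controlled environment.
 * A value of BUF_SZ bytes or more runs past the end of buf. In a setgid
 * binary the overwritten stack frame belongs to a process running with
 * gid 'games', which is how a local user turns this into a privilege gain.
 * Shown only for contrast; nothing here calls it with an over-long value. */
void copy_env_unsafe(char *buf, const char *value)
{
    strcpy(buf, value);
}

/* Bounded length without strnlen(), so the example builds on any C library:
 * counts at most limit bytes and reports limit if no NUL was found. */
static size_t bounded_len(const char *s, size_t limit)
{
    size_t n = 0;
    while (n < limit && s[n] != '\0')
        n++;
    return n;
}

/* Hardened replacement: refuses values that do not fit, including the
 * terminating NUL, rather than silently truncating them (a truncated name
 * or path can itself be abused). Returns 0 on success, -1 if the value is
 * missing or too long; buf is left untouched on failure. */
int copy_env_safe(char *buf, size_t buf_sz, const char *value)
{
    if (value == NULL || buf_sz == 0)
        return -1;
    size_t n = bounded_len(value, buf_sz);
    if (n >= buf_sz)            /* n == buf_sz: no room for the NUL */
        return -1;
    memcpy(buf, value, n + 1);  /* n < buf_sz, so value[n] is the NUL */
    return 0;
}

/* Reads an environment variable into buf with the hardened copy. If the
 * variable is unset or over-long, the built-in default is used instead, so
 * an attacker-controlled environment can only choose between "their value
 * fits" and "the default is used". Returns 0 on success, -1 if even the
 * default does not fit. */
int env_to_buf(const char *name, const char *dflt, char *buf, size_t buf_sz)
{
    if (copy_env_safe(buf, buf_sz, getenv(name)) == 0)
        return 0;
    return copy_env_safe(buf, buf_sz, dflt);
}

int main(void)
{
    char name[BUF_SZ];
    /* GAME_PLAYER is an assumed variable name for the demonstration. */
    if (env_to_buf("GAME_PLAYER", "anonymous", name, sizeof name) != 0)
        return 1;
    printf("player: %s\n", name);
    return 0;
}
```

Running the program with `GAME_PLAYER=$(printf 'A%.0s' $(seq 1 100)) ./a.out` prints `player: anonymous` rather than corrupting the stack. On a woody system the corresponding check after applying the advisory is that `dpkg -l freesweep` reports version 0.88-4woody1.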
- ----------------------------------------------------------------------------------
For additional information or assistance, please contact the HELP Desk by
telephone or Not Protectively Marked information may be sent via EMail to:
uniras@niscc.gov.uk
Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 20 7821 1330 Ext 4511
Fax: +44 (0) 20 7821 1686
Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 20 7821 1330 and follow the prompts
- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of Debian for the information
contained in this Briefing.
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author.
Some of the information may have changed since it was released. If the
vulnerability affects you, it may be prudent to retrieve the advisory from
the canonical site to ensure that you receive the most current information
concerning that problem.

Reference to any specific commercial product, process, or service by trade
name, trademark manufacturer, or otherwise, does not constitute or imply its
endorsement, recommendation, or favouring by UNIRAS or NISCC. The views and
opinions of authors expressed within this notice shall not be used for
advertising or product endorsement purposes.

Neither UNIRAS nor NISCC accepts responsibility for any errors or omissions
contained within this briefing notice. In particular, they shall not be
liable for any loss or damage whatsoever, arising from or in connection with
the usage of information contained within this notice.

UNIRAS is a member of the Forum of Incident Response and Security Teams
(FIRST) and has contacts with other international Incident Response Teams
(IRTs) in order to foster cooperation and coordination in incident
prevention, to prompt rapid reaction to incidents, and to promote
information sharing amongst its members and the community at large.
- ----------------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQCVAwUBP3mVA4pao72zK539AQFMBAP+KkQUp4rkYPaScbGBbIRK1GfHHb/zstkq
OZod7LurZsjYw6teYmVz442ker7Kw+TVnKB8hodbjQYtT4TvrBjpciixQTYBscrQ
cbJGrRZO71omWrYfHpJg5NvP3+wxyiqYGFOBMUBctxUaHfQvCPvYRer+5hspYsXZ
gatKBamPF/0=
=fb6z
-----END PGP SIGNATURE-----