Debian Security Advisory
amd -- Buffer overflow in amd
- Date Reported:
- 24 Sep 1999
- Affected Packages:
- Security database references:
- In the Bugtraq database (at SecurityFocus): BugTraq ID 614.
In Mitre's CVE dictionary: CVE-1999-0704.
CERT's vulnerabilities, advisories and incident notes: CA-1999-12.
- More information:
- The version of amd that was distributed with Debian
GNU/Linux 2.1 is vulnerable to a remote exploit. Passing a big directory name
to amd's logging code would overflow a buffer which could be exploited. This
has been fixed in version 23.0slink1.
Update: This fix caused an error that has been corrected in version upl102-23.slink2. Please refer to the updated DSA page for amd, for information on correcting this problem.