Aviso de seguridad de Debian

DSA-193-1 kdenetwork -- desbordamiento de búfer

Fecha del informe:

11 de nov de 2002

Paquetes afectados:

kdenetwork

Vulnerable:

Sí

Referencias a bases de datos de seguridad:

En la base de datos de Bugtraq (en SecurityFocus): Id. en BugTraq 6157.
En el diccionario CVE de Mitre: CVE-2002-1247.

Información adicional:

iDEFENSE informa de una vulnerabilidad de seguridad en el paquete klisa, que proporciona un servicio de información de la LAN (Red de Área Local) similar al «Entorno de red», que fue descubierto por Texonet. Es posible que un atacante remoto explote esta condición de desbordamiento de búfer en resLISa, una versión restringida de KLISa. La vulnerabilidad se da al analizar la variable de entorno LOGNAME. Un valor suficientemente grande sobreescribirá el puntero de instrucción permitiendo a un atacante redirigir el control del ejecutable.

Este problema se ha corregido en la versión 2.2.2-14.2 para la distribución estable actual (woody) y en la versión 2.2.2-14.3 para la distribución inestable (sid). La distribución estable anterior (potato) no se ve afectada porque no contiene el paquete kdenetwork.

Le recomendamos que actualice el paquete klisa inmediatamente.

Arreglado en:

Debian GNU/Linux 3.0 (woody)

Fuentes:: http://security.debian.org/pool/updates/main/k/kdenetwork/kdenetwork_2.2.2-14.2.dsc; http://security.debian.org/pool/updates/main/k/kdenetwork/kdenetwork_2.2.2-14.2.diff.gz; http://security.debian.org/pool/updates/main/k/kdenetwork/kdenetwork_2.2.2.orig.tar.gz
Alpha:: http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.2_alpha.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.2_alpha.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.2_alpha.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.2_alpha.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.2_alpha.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.2_alpha.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.2_alpha.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.2_alpha.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.2_alpha.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.2_alpha.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.2_alpha.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.2_alpha.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.2_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.2_arm.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.2_arm.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.2_arm.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.2_arm.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.2_arm.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.2_arm.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.2_arm.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.2_arm.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.2_arm.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.2_arm.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.2_arm.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.2_arm.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.2_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.2_i386.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.2_i386.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.2_i386.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.2_i386.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.2_i386.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.2_i386.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.2_i386.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.2_i386.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.2_i386.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.2_i386.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.2_i386.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.2_i386.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.2_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.2_ia64.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.2_ia64.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.2_ia64.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.2_ia64.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.2_ia64.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.2_ia64.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.2_ia64.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.2_ia64.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.2_ia64.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.2_ia64.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.2_ia64.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.2_ia64.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.2_ia64.deb
HP Precision:: http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.2_hppa.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.2_hppa.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.2_hppa.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.2_hppa.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.2_hppa.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.2_hppa.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.2_hppa.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.2_hppa.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.2_hppa.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.2_hppa.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.2_hppa.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.2_hppa.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.2_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.2_m68k.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.2_m68k.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.2_m68k.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.2_m68k.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.2_m68k.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.2_m68k.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.2_m68k.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.2_m68k.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.2_m68k.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.2_m68k.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.2_m68k.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.2_m68k.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.2_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.2_mips.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.2_mips.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.2_mips.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.2_mips.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.2_mips.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.2_mips.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.2_mips.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.2_mips.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.2_mips.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.2_mips.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.2_mips.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.2_mips.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.2_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.2_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.2_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.2_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.2_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.2_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.2_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.2_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.2_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.2_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.2_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.2_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.2_mipsel.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.2_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.2_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.2_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.2_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.2_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.2_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.2_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.2_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.2_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.2_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.2_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.2_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.2_powerpc.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.2_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.2_s390.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.2_s390.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.2_s390.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.2_s390.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.2_s390.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.2_s390.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.2_s390.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.2_s390.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.2_s390.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.2_s390.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.2_s390.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.2_s390.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.2_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/k/kdenetwork/kdict_2.2.2-14.2_sparc.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/kit_2.2.2-14.2_sparc.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/klisa_2.2.2-14.2_sparc.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/kmail_2.2.2-14.2_sparc.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/knewsticker_2.2.2-14.2_sparc.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/knode_2.2.2-14.2_sparc.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/korn_2.2.2-14.2_sparc.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/kppp_2.2.2-14.2_sparc.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/ksirc_2.2.2-14.2_sparc.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/ktalkd_2.2.2-14.2_sparc.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/libkdenetwork1_2.2.2-14.2_sparc.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib-dev_2.2.2-14.2_sparc.deb; http://security.debian.org/pool/updates/main/k/kdenetwork/libmimelib1_2.2.2-14.2_sparc.deb

Las sumas MD5 de los ficheros que se listan están disponibles en el aviso original.