Debian Security Advisory
super -- Buffer overflow in super.
- Date Reported:
- 15 Feb 1999
- Affected Packages:
- super
- Vulnerable:
- Yes
- Security database references:
- In the Bugtraq database (at SecurityFocus): BugTraq ID 342, BugTraq ID 397.
In Mitre's CVE dictionary: CVE-1999-0373, CVE-1999-0381.
- More information:
- We have received reports about two buffer overflows in the
super package, which was distributed as part of Debian GNU/Linux. First, for
per-user .supertab files, super did not check for a buffer overflow when creating
the path to the user's .supertab file. Second, another buffer overflow
allowed ordinary users to overflow super by creating a nasty personal .supertab
file. We recommend that you upgrade your super packages immediately.
An analysis of the super vulnerability is available at this SecurityFocus archive page.
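The first flaw described above, a missing length check while creating the path to a user's .supertab file, is avoided by bounding the write and rejecting any result that does not fit. The following C code is an added example, not code from super or from the Debian fix; the function name build_supertab_path and the buffer sizes are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define SUPERTAB_NAME ".supertab"

/* Build "<home>/.supertab" in out (hypothetical helper, not super's code).
 * Returns 0 on success, -1 with errno set if the input is unusable or too long. */
int build_supertab_path(const char *home, char *out, size_t outsize)
{
    int n;

    if (out == NULL || outsize == 0) {
        errno = EINVAL;
        return -1;
    }
    out[0] = '\0';
    /* The home directory is controlled by an ordinary user, so treat it as
     * untrusted input of arbitrary length; require an absolute path. */
    if (home == NULL || home[0] != '/') {
        errno = EINVAL;
        return -1;
    }
    /* snprintf writes at most outsize bytes and returns the length the full
     * string would have had; n >= outsize therefore means truncation. */
    n = snprintf(out, outsize, "%s/%s", home, SUPERTAB_NAME);
    if (n < 0 || (size_t)n >= outsize) {
        out[0] = '\0';              /* never hand back a truncated path */
        errno = ENAMETOOLONG;
        return -1;
    }
    return 0;
}

int main(void)
{
    char path[64];                  /* constructed, deliberately small buffer */
    char longhome[256];             /* constructed oversized home directory */

    memset(longhome, 'A', sizeof longhome - 1);
    longhome[0] = '/';
    longhome[sizeof longhome - 1] = '\0';

    printf("%d %s\n", build_supertab_path("/home/alice", path, sizeof path), path);
    printf("%d\n", build_supertab_path(longhome, path, sizeof path));
    return 0;
}
```

Failing on truncation, rather than silently using the shortened string, matters for a setuid program: a truncated path can name a different file than the one intended.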
- Fixed in:
- Source:
- http://ftp.debian.org/debian/dists/potato/main/source/admin/super_3.11.7.orig.tar.gz
- http://ftp.debian.org/debian/dists/potato/main/source/admin/super_3.11.7-1.diff.gz
- http://ftp.debian.org/debian/dists/potato/main/source/admin/super_3.11.7-1.dsc
- i386:
- http://ftp.debian.org/debian/dists/potato/main/binary-i386/admin/super_3.11.7-1.deb
- m68k:
- http://ftp.debian.org/debian/dists/potato/main/binary-m68k/admin/super_3.11.7-1.deb