Debian Security Advisory

super -- Buffer overflow in super.

Date Reported:
15 Feb 1999
Affected Packages:
Security database references:
In the Bugtraq database (at SecurityFocus): BugTraq ID 342, BugTraq ID 397.
In Mitre's CVE dictionary: CVE-1999-0373, CVE-1999-0381.
More information:
We have received reports about two buffer overflows in the super package which was distributed as part of Debian GNU/Linux. Firstly, for per-user .supertab files super didn't check for a buffer overflow when creating the path to the user's .supertab file. Secondly another buffer overflow did allow ordinary users to overflow super by creating a nasty personal .supertab file. We recommend you upgrade your super packages immediately.

An analysis of the super vulnerability is available at this Securityfocus archive page.

Fixed in: