Debian Security Advisory

super -- Buffer overflow in super.

Date Reported:
15 Feb 1999
Affected Packages:
super
Vulnerable:
Yes
Security database references:
In the Bugtraq database (at SecurityFocus): BugTraq ID 342, BugTraq ID 397.
In Mitre's CVE dictionary: CVE-1999-0373, CVE-1999-0381.
More information:
We have received reports of two buffer overflows in the super package, which was distributed as part of Debian GNU/Linux. First, for per-user .supertab files, super didn't check for a buffer overflow when creating the path to the user's .supertab file. Second, another buffer overflow allowed ordinary users to overflow super by creating a nasty personal .supertab file. We recommend that you upgrade your super packages immediately.

An analysis of the super vulnerability is available at this SecurityFocus archive page.
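
The class of bug described above (building the path to a user's .supertab file without a length check) is avoided by refusing any path that does not fit its buffer. The C code below is an added example, not code from the super package or from the Debian fix. Assumptions: the function names, `MAX_LINE` and the sample home directory are invented for illustration, and because the advisory does not say which part of a personal .supertab file overflowed, the line-length check is a general precaution for parsing a user-controlled file.

```c
/* Added illustration; not code from the super package. */
#include <stdio.h>
#include <string.h>

#define SUPERTAB_NAME ".supertab"   /* file name taken from the advisory */
#define MAX_LINE 1024               /* assumed limit, chosen for this example */

/* Build "<home>/.supertab" in out. Returns 0 on success, -1 if home is
 * missing, not absolute, or too long for the buffer. out is emptied on
 * failure so a truncated path is never used. */
int build_supertab_path(char *out, size_t outsz, const char *home)
{
    int n;
    if (out == NULL || outsz == 0)
        return -1;
    out[0] = '\0';
    if (home == NULL || home[0] != '/')
        return -1;
    n = snprintf(out, outsz, "%s/%s", home, SUPERTAB_NAME);
    if (n < 0 || (size_t)n >= outsz) {   /* would not fit: refuse */
        out[0] = '\0';
        return -1;
    }
    return 0;
}

/* Scan a user-controlled file line by line with a fixed buffer. Returns the
 * number of lines, or -1 as soon as a line exceeds MAX_LINE - 2 characters. */
long count_bounded_lines(FILE *fp)
{
    char line[MAX_LINE];
    long lines = 0;
    while (fgets(line, sizeof line, fp) != NULL) {
        size_t len = strlen(line);
        /* A full buffer without a newline means the line was cut short. */
        if (len == sizeof line - 1 && line[len - 1] != '\n')
            return -1;
        lines++;
    }
    return lines;
}

int main(void)
{
    char path[64];  /* "/home/alice" is a constructed sample value */
    int rc = build_supertab_path(path, sizeof path, "/home/alice");
    printf("%d %s\n", rc, path);
    return 0;
}
```
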

Fixed in:
Source:
http://ftp.debian.org/debian/dists/potato/main/source/admin/super_3.11.7.orig.tar.gz
http://ftp.debian.org/debian/dists/potato/main/source/admin/super_3.11.7-1.diff.gz
http://ftp.debian.org/debian/dists/potato/main/source/admin/super_3.11.7-1.dsc
i386:
http://ftp.debian.org/debian/dists/potato/main/binary-i386/admin/super_3.11.7-1.deb
m68k:
http://ftp.debian.org/debian/dists/potato/main/binary-m68k/admin/super_3.11.7-1.deb