Debian Security Advisory

amd -- Buffer overflow in amd

Date Reported: 24 Sep 1999
Affected Packages: amd
Vulnerable: Yes
Security database references:
  In the Bugtraq database (at SecurityFocus): BugTraq ID 614.
  In Mitre's CVE dictionary: CVE-1999-0704.
  CERT's vulnerabilities, advisories and incident notes: CA-1999-12.
More information:
The version of amd that was distributed with Debian GNU/Linux 2.1 is vulnerable to a remote exploit. Passing an overly long directory name to amd's logging code overflows a buffer, and the overflow can be exploited. This has been fixed in version 23.0slink1.

Update: This fix caused an error that has been corrected in version upl102-23.slink2. Please refer to the updated DSA page for amd for information on correcting this problem.
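
The bug class described above, a directory name formatted into a fixed-size log buffer, is avoided by bounding the format call and handling truncation. This is an added example, not amd's code or part of the advisory; `log_format`, `log_dir_request`, `LOG_BUF_SIZE` and the message text are hypothetical, and the oversized name is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_BUF_SIZE 256 /* hypothetical fixed log buffer size */

/* Unsafe pattern behind this class of bug (shown as a comment only):
 *     char msg[LOG_BUF_SIZE];
 *     vsprintf(msg, fmt, ap);   // no bound: a long name writes past msg
 */

/* Format a log line into out[outsz] without ever writing past it.
 * Returns 0 if the message fit, 1 if it was truncated, -1 on error. */
int log_format(char *out, size_t outsz, const char *fmt, ...)
{
    static const char mark[] = "[...]";
    va_list ap;
    int n;
    if (out == NULL || outsz == 0)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(out, outsz, fmt, ap); /* bounded, always NUL-terminates */
    va_end(ap);
    if (n < 0) {
        out[0] = '\0';
        return -1;
    }
    if ((size_t)n < outsz)
        return 0;
    /* Truncated: overwrite the tail with a marker so readers can tell. */
    if (outsz > sizeof mark)
        memcpy(out + outsz - sizeof mark, mark, sizeof mark);
    return 1;
}

/* Hypothetical caller: logs a client-supplied directory name. */
int log_dir_request(char *out, size_t outsz, const char *dir)
{
    return log_format(out, outsz, "request for directory \"%s\"", dir);
}

int main(void)
{
    char line[LOG_BUF_SIZE], big[4096];
    memset(big, 'A', sizeof big - 1); /* constructed oversized name */
    big[sizeof big - 1] = '\0';
    printf("%d %s\n", log_dir_request(line, sizeof line, big), line);
    return 0;
}
```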