Debian Security Advisory

amd -- Buffer overflow in amd

Date Reported:
24 Sep 1999
Affected Packages:
Security database references:
In the Bugtraq database (at SecurityFocus): BugTraq ID 614.
In Mitre's CVE dictionary: CVE-1999-0704.
CERT's vulnerabilities, advisories and incident notes: CA-1999-12.
More information:
The version of amd that was distributed with Debian GNU/Linux 2.1 is vulnerable to a remote exploit. Passing a big directory name to amd's logging code would overflow a buffer which could be exploited. This has been fixed in version 23.0slink1.

Update: This fix caused an error that has been corrected in version upl102-23.slink2. Please refer to the updated DSA page for amd, for information on correcting this problem.