Debian Security Advisory
userv -- local exploit
- Date Reported:
- 27 Jul 2000
- Affected Packages:
- userv
- Vulnerable:
- Yes
- Security database references:
- No other external database security references currently available.
- More information:
- The version of userv that was distributed with Debian
GNU/Linux 2.1 (slink) had a problem in the fd swapping algorithm: it could
sometimes make an out-of-bounds array reference. It might be possible for local
users to abuse this to carry out unauthorised actions or be able to take
control for service user accounts.
This has been fixed in version 1.0.1.0slink for Debian GNU/Linux 2.1, and version 1.0.1.1potato for Debian GNU/Linux 2.2.
- Fixed in:
-
Debian GNU/Linux 2.1 (slink):
- Source:
- http://security.debian.org/dists/slink/updates/source/userv_1.0.1.0slink.dsc
- http://security.debian.org/dists/slink/updates/source/userv_1.0.1.0slink.tar.gz
- alpha:
- http://security.debian.org/dists/slink/updates/binary-alpha/userv_1.0.1.0slink_alpha.deb
- i386:
- http://security.debian.org/dists/slink/updates/binary-i386/userv_1.0.1.0slink_i386.deb
- m68k:
- http://security.debian.org/dists/slink/updates/binary-m68k/userv_1.0.1.0slink_m68k.deb
- sparc:
- http://security.debian.org/dists/slink/updates/binary-sparc/userv_1.0.1.0slink_sparc.deb
Debian GNU/Linux 2.2 (potato)
- Source:
- http://security.debian.org/dists/potato/updates/main/source/userv_1.0.1.1potato.dsc
- http://security.debian.org/dists/potato/updates/main/source/userv_1.0.1.1potato.tar.gz
- alpha:
- http://security.debian.org/dists/potato/updates/main/binary-alpha/userv_1.0.1.1potato_alpha.deb
- i386:
- http://security.debian.org/dists/potato/updates/main/binary-i386/userv_1.0.1.1potato_i386.deb
- sparc:
- http://security.debian.org/dists/potato/updates/main/binary-sparc/userv_1.0.1.1potato_sparc.deb