Debian Security Advisory
DSA-042-1 gnuserv -- buffer overflow, weak security
- Date reported:
- 9 Mar 2001
- Affected packages:
- gnuserv, xemacs21
- Vulnerable:
- Yes
- Security database references:
- In the Bugtraq database (at SecurityFocus): BugTraq ID 2333.
In Mitre's CVE dictionary: CVE-2001-0191.
- More information:
- Klaus Frank has found a vulnerability in the way gnuserv handled connections from remote users. Gnuserv is a remote control facility for Emacsen which is available as a standalone program as well as included in XEmacs21.
Gnuserv has a buffer for which insufficient overflow checking was performed. Unfortunately, this buffer affected access control to gnuserv, which uses a MIT-MAGIC-COOKIE based system. It is possible to overflow the buffer containing the cookie and thereby break the cookie comparison.
Gnuserv is derived from emacsserver, which is part of GNU Emacs. It has been rewritten completely, and not much is left from the time it was part of GNU Emacs. Therefore the versions of emacsserver in both Emacs19 and Emacs20 do not appear to be vulnerable to this bug; they do not even have a MIT-MAGIC-COOKIE based mechanism.
This could allow a remote user to execute commands under the UID of the user running gnuserv.
- Fixed in:
- Debian 2.2 (potato)
- Source:
- http://security.debian.org/dists/stable/updates/main/source/gnuserv_2.1alpha-5.1.diff.gz
- http://security.debian.org/dists/stable/updates/main/source/gnuserv_2.1alpha-5.1.dsc
- http://security.debian.org/dists/stable/updates/main/source/gnuserv_2.1alpha.orig.tar.gz
- http://security.debian.org/dists/stable/updates/main/source/xemacs21_21.1.10-5.diff.gz
- http://security.debian.org/dists/stable/updates/main/source/xemacs21_21.1.10-5.dsc
- http://security.debian.org/dists/stable/updates/main/source/xemacs21_21.1.10.orig.tar.gz
- Architecture-independent component:
- http://security.debian.org/dists/stable/updates/main/binary-i386/xemacs21-support_21.1.10-5_all.deb
- http://security.debian.org/dists/stable/updates/main/binary-i386/xemacs21-supportel_21.1.10-5_all.deb
- http://security.debian.org/dists/stable/updates/main/binary-i386/xemacs21_21.1.10-5_all.deb
- alpha:
- http://security.debian.org/dists/stable/updates/main/binary-alpha/gnuserv_2.1alpha-5.1_alpha.deb
- http://security.debian.org/dists/stable/updates/main/binary-alpha/xemacs21-bin_21.1.10-5_alpha.deb
- http://security.debian.org/dists/stable/updates/main/binary-alpha/xemacs21-mule-canna-wnn_21.1.10-5_alpha.deb
- http://security.debian.org/dists/stable/updates/main/binary-alpha/xemacs21-mule_21.1.10-5_alpha.deb
- http://security.debian.org/dists/stable/updates/main/binary-alpha/xemacs21-nomule_21.1.10-5_alpha.deb
- arm:
- http://security.debian.org/dists/stable/updates/main/binary-arm/gnuserv_2.1alpha-5.1_arm.deb
- http://security.debian.org/dists/stable/updates/main/binary-arm/xemacs21-bin_21.1.10-5_arm.deb
- http://security.debian.org/dists/stable/updates/main/binary-arm/xemacs21-mule-canna-wnn_21.1.10-5_arm.deb
- http://security.debian.org/dists/stable/updates/main/binary-arm/xemacs21-mule_21.1.10-5_arm.deb
- http://security.debian.org/dists/stable/updates/main/binary-arm/xemacs21-nomule_21.1.10-5_arm.deb
- i386:
- http://security.debian.org/dists/stable/updates/main/binary-i386/gnuserv_2.1alpha-5.1_i386.deb
- http://security.debian.org/dists/stable/updates/main/binary-i386/xemacs21-bin_21.1.10-5_i386.deb
- http://security.debian.org/dists/stable/updates/main/binary-i386/xemacs21-mule-canna-wnn_21.1.10-5_i386.deb
- http://security.debian.org/dists/stable/updates/main/binary-i386/xemacs21-mule_21.1.10-5_i386.deb
- http://security.debian.org/dists/stable/updates/main/binary-i386/xemacs21-nomule_21.1.10-5_i386.deb
- m68k:
- http://security.debian.org/dists/stable/updates/main/binary-m68k/gnuserv_2.1alpha-5.1_m68k.deb
- http://security.debian.org/dists/stable/updates/main/binary-m68k/xemacs21-bin_21.1.10-5_m68k.deb
- http://security.debian.org/dists/stable/updates/main/binary-m68k/xemacs21-mule-canna-wnn_21.1.10-5_m68k.deb
- http://security.debian.org/dists/stable/updates/main/binary-m68k/xemacs21-mule_21.1.10-5_m68k.deb
- http://security.debian.org/dists/stable/updates/main/binary-m68k/xemacs21-nomule_21.1.10-5_m68k.deb
- powerpc:
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/gnuserv_2.1alpha-5.1_powerpc.deb
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/xemacs21-bin_21.1.10-5_powerpc.deb
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/xemacs21-mule-canna-wnn_21.1.10-5_powerpc.deb
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/xemacs21-mule_21.1.10-5_powerpc.deb
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/xemacs21-nomule_21.1.10-5_powerpc.deb
- sparc:
- http://security.debian.org/dists/stable/updates/main/binary-sparc/gnuserv_2.1alpha-5.1_sparc.deb
- http://security.debian.org/dists/stable/updates/main/binary-sparc/xemacs21-bin_21.1.10-5_sparc.deb
- http://security.debian.org/dists/stable/updates/main/binary-sparc/xemacs21-mule-canna-wnn_21.1.10-5_sparc.deb
- http://security.debian.org/dists/stable/updates/main/binary-sparc/xemacs21-mule_21.1.10-5_sparc.deb
- http://security.debian.org/dists/stable/updates/main/binary-sparc/xemacs21-nomule_21.1.10-5_sparc.deb
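
The root cause named in this advisory is insufficient bounds checking on the buffer that holds the authentication cookie. The sketch below is an added example, not gnuserv's code or its fix: it shows a cookie check that validates the peer-supplied length before copying and compares in constant time. The one-byte length framing and the names `check_cookie`, `try_message`, `EXPECTED` and `OVERSIZED` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define COOKIE_LEN 16 /* MIT-MAGIC-COOKIE-1 cookies are 128 bits */

/* Constructed sample values, not real credentials. */
static const uint8_t EXPECTED[COOKIE_LEN] = {
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
    0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff };
static const uint8_t OVERSIZED[64] = { 0x41 }; /* longer than any valid cookie */

/* Compare without an early exit, so timing does not reveal the first mismatch. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Assumed framing: msg[0] is the claimed cookie length, the cookie follows.
 * Returns 1 only for a well-formed frame carrying the expected cookie. */
int check_cookie(const uint8_t *msg, size_t msg_len) {
    uint8_t received[COOKIE_LEN];
    if (msg == NULL || msg_len != 1 + COOKIE_LEN) /* truncated or oversized frame */
        return 0;
    if (msg[0] != COOKIE_LEN) /* peer-supplied length is validated, never trusted */
        return 0;
    memcpy(received, msg + 1, COOKIE_LEN); /* fixed size, not the claimed length */
    return ct_equal(received, EXPECTED, COOKIE_LEN);
}

/* Frame a constructed message (length byte + n payload bytes) and check it. */
int try_message(uint8_t claimed, const uint8_t *payload, size_t n) {
    uint8_t msg[1 + 255];
    if (n > 255)
        return 0;
    msg[0] = claimed;
    memcpy(msg + 1, payload, n);
    return check_cookie(msg, n + 1);
}

int main(void) {
    printf("valid=%d oversized=%d truncated=%d\n",
           try_message(COOKIE_LEN, EXPECTED, COOKIE_LEN),
           try_message(64, OVERSIZED, sizeof OVERSIZED),
           try_message(COOKIE_LEN, EXPECTED, 8));
    return 0;
}
```

Every rejection path returns before any copy, so an oversized or mislabelled frame never reaches the fixed-size buffer used in the comparison.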