Alerta de Segurança Debian
DSA-314-1 atftp -- buffer overflow
- Data do Alerta:
- 11 Jun 2003
- Pacotes Afetados:
- atftp
- Vulnerável:
- Sim
- Referência à base de dados de segurança:
- No dicionário CVE do Mitre: CVE-2003-0380.
- Informações adicionais:
-
Rick Patel descobriu que o atftpd é vulnerável a um buffer overflow quando nomes de arquivos longos são enviados ao servidor. Um atacante pode explorar esta falha remotamente para executar código arbitrário no servidor.
Na atual distribuição estável (woody), este problema foi corrigido na versão 0.6.1.1.0woody1.
A antiga distribuição estável (potato) não contém pacotes atftp.
Na distribuição instável (sid), este problema será corrigido em breve.
Nós recomendamos que você atualize seus pacotes atftp.
- Corrigido em:
-
Debian GNU/Linux 3.0 (woody)
- Fonte:
- http://security.debian.org/pool/updates/main/a/atftp/atftp_0.6.0woody1.dsc
- http://security.debian.org/pool/updates/main/a/atftp/atftp_0.6.0woody1.tar.gz
- http://security.debian.org/pool/updates/main/a/atftp/atftp_0.6.0woody1.tar.gz
- Alpha:
- http://security.debian.org/pool/updates/main/a/atftp/atftp_0.6.0woody1_alpha.deb
- http://security.debian.org/pool/updates/main/a/atftp/atftpd_0.6.0woody1_alpha.deb
- http://security.debian.org/pool/updates/main/a/atftp/atftpd_0.6.0woody1_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/a/atftp/atftp_0.6.0woody1_arm.deb
- http://security.debian.org/pool/updates/main/a/atftp/atftpd_0.6.0woody1_arm.deb
- http://security.debian.org/pool/updates/main/a/atftp/atftpd_0.6.0woody1_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/a/atftp/atftp_0.6.0woody1_i386.deb
- http://security.debian.org/pool/updates/main/a/atftp/atftpd_0.6.0woody1_i386.deb
- http://security.debian.org/pool/updates/main/a/atftp/atftpd_0.6.0woody1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/a/atftp/atftp_0.6.0woody1_ia64.deb
- http://security.debian.org/pool/updates/main/a/atftp/atftpd_0.6.0woody1_ia64.deb
- http://security.debian.org/pool/updates/main/a/atftp/atftpd_0.6.0woody1_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/a/atftp/atftp_0.6.0woody1_hppa.deb
- http://security.debian.org/pool/updates/main/a/atftp/atftpd_0.6.0woody1_hppa.deb
- http://security.debian.org/pool/updates/main/a/atftp/atftpd_0.6.0woody1_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/a/atftp/atftp_0.6.0woody1_m68k.deb
- http://security.debian.org/pool/updates/main/a/atftp/atftpd_0.6.0woody1_m68k.deb
- http://security.debian.org/pool/updates/main/a/atftp/atftpd_0.6.0woody1_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/a/atftp/atftp_0.6.0woody1_mips.deb
- http://security.debian.org/pool/updates/main/a/atftp/atftpd_0.6.0woody1_mips.deb
- http://security.debian.org/pool/updates/main/a/atftp/atftpd_0.6.0woody1_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/a/atftp/atftp_0.6.0woody1_mipsel.deb
- http://security.debian.org/pool/updates/main/a/atftp/atftpd_0.6.0woody1_mipsel.deb
- http://security.debian.org/pool/updates/main/a/atftp/atftpd_0.6.0woody1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/a/atftp/atftp_0.6.0woody1_powerpc.deb
- http://security.debian.org/pool/updates/main/a/atftp/atftpd_0.6.0woody1_powerpc.deb
- http://security.debian.org/pool/updates/main/a/atftp/atftpd_0.6.0woody1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/a/atftp/atftp_0.6.0woody1_s390.deb
- http://security.debian.org/pool/updates/main/a/atftp/atftpd_0.6.0woody1_s390.deb
- http://security.debian.org/pool/updates/main/a/atftp/atftpd_0.6.0woody1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/a/atftp/atftp_0.6.0woody1_sparc.deb
- http://security.debian.org/pool/updates/main/a/atftp/atftpd_0.6.0woody1_sparc.deb
- http://security.debian.org/pool/updates/main/a/atftp/atftpd_0.6.0woody1_sparc.deb
Checksums MD5 dos arquivos listados estão disponíveis no alerta original.