Debian Security Advisory
DSA-399-1 epic4 -- buffer overflow
- Date Reported:
- 10 Nov 2003
- Affected Packages:
- epic4
- Vulnerable:
- Yes
- Security database references:
- In the Bugtraq database (at SecurityFocus): BugTraq ID 8999.
In Mitre's CVE dictionary: CVE-2003-0328.
- More information:
-
Jeremy Nelson discovered a remotely exploitable buffer overflow in EPIC4, a popular client for Internet Relay Chat (IRC). A malicious server could craft a reply that causes the client to allocate a negative amount of memory. This could lead to a denial of service if the client merely crashes, but could also allow arbitrary code to be executed under the user id of the chatting user.
For the stable distribution (woody) this problem has been fixed in version 1.1.2.20020219-2.2.
For the unstable distribution (sid) this problem has been fixed in version 1.1.11.20030409-2.
We recommend that you upgrade your epic4 package.
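The advisory does not show the affected code. As an added illustration (not EPIC4's code and not part of the original advisory), the C example below shows the general bug class described above, a signed length derived from peer-supplied data reaching an allocation, next to the validation that rejects it. `MAX_FIELD_LEN`, `unchecked_request_size` and `copy_field_checked` are hypothetical names, and the sample input is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical upper bound for one field of a server reply. */
#define MAX_FIELD_LEN 4096L

/* What an unchecked allocator call would be asked for: a negative signed
 * length converted to size_t wraps to a huge unsigned value. */
size_t unchecked_request_size(long computed_len)
{
    return (size_t)computed_len;
}

/* Hardened copy: validate the signed length before it reaches malloc()
 * or memcpy(). Returns a NUL-terminated heap copy, or NULL on rejection. */
char *copy_field_checked(const char *src, size_t src_avail, long computed_len)
{
    if (src == NULL || computed_len < 0 || computed_len > MAX_FIELD_LEN)
        return NULL;                      /* negative or oversized length */
    if ((size_t)computed_len > src_avail)
        return NULL;                      /* would read past the input */

    char *dst = malloc((size_t)computed_len + 1);
    if (dst == NULL)
        return NULL;
    memcpy(dst, src, (size_t)computed_len);
    dst[computed_len] = '\0';
    return dst;
}

int main(void)
{
    /* Constructed sample input, not a real IRC reply. */
    const char reply[] = "example.host";
    char *ok  = copy_field_checked(reply, sizeof reply - 1, 7);
    char *bad = copy_field_checked(reply, sizeof reply - 1, -1);
    int rc = (ok != NULL && bad == NULL) ? 0 : 1;
    free(ok);
    return rc;
}
```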
- Fixed in:
-
Debian GNU/Linux 3.0 (woody)
- Source:
- http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2.dsc
- http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2.diff.gz
- http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219.orig.tar.gz
- Alpha:
- http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/e/epic4/epic4_1.1.2.20020219-2.2_sparc.deb
MD5 checksums of the listed files are available in the original advisory.