Bugtraq mailing list archives
[RHSA-1999:037-01] Buffer overflow in mars_nwe
From: notting () REDHAT COM (Bill Nottingham)
Date: Mon, 13 Sep 1999 17:28:49 -0400
--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Buffer overflow in mars_nwe Advisory ID: RHSA-1999:037-01 Issue date: 1999-09-13 Updated on: Keywords: mars_nwe buffer Cross references: --------------------------------------------------------------------- 1. Topic: There are several buffer overruns in the mars_nwe package. 2. Bug IDs fixed (http://developer.redhat.com/bugzilla for more info): 5002 3. Relevant releases/architectures: Red Hat Linux 6.0, all architectures Red Hat Linux 4.2, 5.2 Intel (mars_nwe was not built for Alpha and Sparc in previous versions of Red Hat Linux.) 4. Obsoleted by: 5. Conflicts with: 6. RPMs required: Red Hat Linux 4.2: Intel: ftp://updates.redhat.com//4.2/i386/mars-nwe-0.99pl17-0.4.2.i386.rpm Source packages: ftp://updates.redhat.com//4.2/SRPMS/mars-nwe-0.99pl17-0.4.2.src.rpm Red Hat Linux 5.2: Intel: ftp://updates.redhat.com//5.2/i386/mars-nwe-0.99pl17-0.5.2.i386.rpm Source packages: ftp://updates.redhat.com//5.2/SRPMS/mars-nwe-0.99pl17-0.5.2.src.rpm Red Hat Linux 6.0: Intel: ftp://updates.redhat.com//6.0/i386/mars-nwe-0.99pl17-4.i386.rpm Alpha: ftp://updates.redhat.com//6.0/alpha/mars-nwe-0.99pl17-4.alpha.rpm Sparc: ftp://updates.redhat.com//6.0/sparc/mars-nwe-0.99pl17-4.sparc.rpm Source packages: ftp://updates.redhat.com//6.0/SRPMS/mars-nwe-0.99pl17-4.src.rpm 7. Problem description: Buffer overflows are present in the mars_nwe package. Since the code that contains these overflows is run as root, a local root compromise is possible if users create carefully designed directories and/or bindery objects. A sample exploit has been made available. Thanks go to Przemyslaw Frasunek (secure () freebsdf lublin pl) and Babcia Padlina Ltd. for noting the problem and providing a patch. 8. Solution: For each RPM for your particular architecture, run: rpm -Uvh <filename> where filename is the name of the RPM. 9. Verification: MD5 sum Package Name -------------------------------------------------------------------------- 350882fd246344891f04d7419561eb8f i386/mars-nwe-0.99pl17-0.4.2.i386.rpm 99134c2f507c906483320b9748b6334c SRPMS/mars-nwe-0.99pl17-0.4.2.src.rpm 2dd6f7cf55f8ed68ba40b9d98a91adaf i386/mars-nwe-0.99pl17-0.5.2.i386.rpm e3d918c4e52ef051d169d7380e4d8cfe SRPMS/mars-nwe-0.99pl17-0.5.2.src.rpm adbd809d9de3d22fed637bcf56ede66f i386/mars-nwe-0.99pl17-4.i386.rpm 729f888a3c1ebb87bcf04c204bf7b9dc alpha/mars-nwe-0.99pl17-4.alpha.rpm bf73f67c225c2edce4d7ee52b5796803 sparc/mars-nwe-0.99pl17-4.sparc.rpm b9c61129b2e04d25c48863ededc35568 SRPMS/mars-nwe-0.99pl17-4.src.rpm These packages are PGP signed by Red Hat Inc. for security. Our key is available at: http://www.redhat.com/corp/contact.html You can verify each package with the following command: rpm --checksig <filename> If you only wish to verify that each package has not been corrupted or tampered with, examine only the md5sum with the following command: rpm --checksig --nopgp <filename> 10. References: Bugtraq ID: 617 <19990830200449.54656.qmail () lagoon FreeBSD lublin pl>
Current thread:
- (no subject) Mark Ultor (Sep 09)
- Re: your mail KSR[T] Contact Account (Sep 11)
- elm filter program Cornelius Krasel (Sep 12)
- Hotmail security vulnerability - injecting JavaScript using <STYLE> tag Georgi Guninski (Sep 13)
- Re: Hotmail security vulnerability - injecting JavaScript using <STYLE> tag Olaf Titz (Sep 14)
- Re: Hotmail security vulnerability - injecting JavaScript using Alan Cox (Sep 15)
- Re: Hotmail security vulnerability - injecting JavaScript using<STYLE> tag Georgi Guninski (Sep 15)
- Re: Hotmail security vulnerability - injecting JavaScript using<STYLE> tag Eivind Eklund (Sep 15)
- [support_feedback () us-support external hp com: Security Bulletins Digest] Patrick Oonk (Sep 15)
- Hotmail security vulnerability - injecting JavaScript using <STYLE> tag Georgi Guninski (Sep 13)
- Re: elm filter program Bill Pemberton (Sep 13)
- [RHSA-1999:037-01] Buffer overflow in mars_nwe Bill Nottingham (Sep 13)