DSA-1527-1 debian-goodies -- insufficient input sanitising
Written by Marcelo Almeida (Vympel)   
Tuesday, 25 March 2008
Date Reported: 24 Mar 2008
Affected Packages: debian-goodies
Vulnerable: Yes
Security database references: In the Debian bugtracking system: Bug 440411. In Mitre's CVE dictionary: CVE-2007-3912.
More information: Thomas de Grenier de Latour discovered that the checkrestart tool in the debian-goodies suite of utilities allowed local users to gain privileges via shell metacharacters in the name of the executable file for a running process.
For the stable distribution (etch), this problem has been fixed in version 0.27+etch1.
For the old stable distribution (sarge), this problem has been fixed in version 0.24+sarge1.
For the unstable distribution (sid), this problem has been fixed in version 0.34.
We recommend that you upgrade your debian-goodies package.
Fixed in:

Debian GNU/Linux 3.1 (sarge)

Source:
http://security.debian.org/pool/updates/main/d/debian-goodies/debian-goodies_0.23+sarge1.tar.gz
http://security.debian.org/pool/updates/main/d/debian-goodies/debian-goodies_0.23+sarge1.dsc
Architecture-independent component:
http://security.debian.org/pool/updates/main/d/debian-goodies/debian-goodies_0.23+sarge1_all.deb

Debian GNU/Linux 4.0 (etch)

Source:
http://security.debian.org/pool/updates/main/d/debian-goodies/debian-goodies_0.27+etch1.dsc
http://security.debian.org/pool/updates/main/d/debian-goodies/debian-goodies_0.27+etch1.tar.gz
Architecture-independent component:
http://security.debian.org/pool/updates/main/d/debian-goodies/debian-goodies_0.27+etch1_all.deb

MD5 checksums of the listed files are available in the original advisory.
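
The bug class described above (a process's executable name reaching a shell unquoted), shown as an added example that is not code from debian-goodies or from the advisory: the same path handled by a shell-parsed string and by an argument list, plus a check that flags such names among running processes. The `echo` stand-in command, the function names and the sample path are assumptions constructed for illustration.

```python
import os
import subprocess

# Constructed sample: an executable path whose file name contains a shell
# metacharacter (";"). The marker command is a harmless echo.
SAMPLE_EXE = "/tmp/demo;echo INJECTED"

# Characters /bin/sh treats specially when they appear unquoted.
SHELL_META = set(";&|`$<>(){}\\\"'*?[]~!# \t\n")

def describe_unsafe(path):
    """Weak pattern: the path is pasted into a string that /bin/sh parses."""
    proc = subprocess.run("echo checking " + path, shell=True,
                          capture_output=True, text=True)
    return proc.stdout.splitlines()

def describe_safe(path):
    """Hardened pattern: argv list, no shell; the path stays one argument."""
    proc = subprocess.run(["echo", "checking", path],
                          capture_output=True, text=True)
    return proc.stdout.splitlines()

def flag_metachar_names(paths):
    """Return the paths that would change meaning inside a shell string."""
    return [p for p in paths if any(c in SHELL_META for c in p)]

def running_executables():
    """Executable paths of running processes, from /proc/<pid>/exe (Linux)."""
    found = set()
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            exe = os.readlink(f"/proc/{pid}/exe")
        except OSError:  # process exited, kernel thread, or no permission
            continue
        if exe.endswith(" (deleted)"):  # kernel suffix for unlinked binaries
            exe = exe[:-len(" (deleted)")]
        found.add(exe)
    return sorted(found)

if __name__ == "__main__":
    print("unsafe: ", describe_unsafe(SAMPLE_EXE))
    print("safe:   ", describe_safe(SAMPLE_EXE))
    print("flagged:", flag_metachar_names(running_executables()))
```

With the shell-parsed string the single path yields two commands; with the argument list it stays one literal argument, which is why a tool run as root should never build shell strings from process names it does not control.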

