Bugtraq mailing list archives

CONECTIVA LINUX SECURITY ANNOUNCEMENT - dump

From: secure () CONECTIVA COM BR (Conectiva Security)
Date: Fri, 30 Jun 2000 10:22:52 -0300


----------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
----------------------------------------------------------------------

PACKAGE: dump
SUMMARY: Buffer overflow in restore
DATE: 2000-06-30
AFFECTED CONECTIVA VERSIONS : 4.0, 4.0es, 4.1, 4.2 and 5.0

DESCRIPTION
There is a buffer overflow in the restore program < 0.4b17. Being
SUID root in our default installation, an attacker can exploit this
to gain root privileges. There was also an issue where the computer
could be in a non-response state for a few seconds.

SOLUTION
All users of this package should upgrade immediately.

Thanks to Stelian Pop for providing the fixes.

DIRECT DOWNLOAD LINKS TO UPDATED PACKAGES
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/i386/dump-0.4b18-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/i386/rmt-0.4b18-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0es/i386/dump-0.4b18-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0es/i386/rmt-0.4b18-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/i386/dump-0.4b18-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/i386/rmt-0.4b18-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/i386/dump-0.4b18-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/i386/rmt-0.4b18-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/dump-0.4b18-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/rmt-0.4b18-1cl.i386.rpm

DIRECT LINK TO THE SOURCE PACKAGES
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/SRPMS/dump-0.4b18-1cl.src.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0es/SRPMS/dump-0.4b18-1cl.src.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/SRPMS/dump-0.4b18-1cl.src.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/SRPMS/dump-0.4b18-1cl.src.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/SRPMS/dump-0.4b18-1cl.src.rpm

----------------------------------------------------------------------

All packages are signed with Conectiva's PGP key. The key can be obtained at
http://www.conectiva.com.br/conectiva/contato.html

----------------------------------------------------------------------
subscribe: atualizacoes-anuncio-subscribe () bazar conectiva com br
unsubscribe: atualizacoes-anuncio-unsubscribe () bazar conectiva com br

Current thread:

Re: WuFTPD: Providing *remote* root since at least1994, (continued)
- - Re: WuFTPD: Providing *remote* root since at least1994 Bernd Luevelsmeyer (Jun 28)
- Re: WuFTPD: Providing *remote* root since at least1994 Lars Mathiesen (Jun 28)
- Re: WuFTPD: Providing *remote* root since at least1994 Robert Bihlmeyer (Jun 29)
- Re: WuFTPD: Providing *remote* root since at least1994 Ben Pfaff (Jun 29)
  - Update to Integrity Protection Driver Available IPD (Jun 29)
  - Re: WuFTPD: Providing *remote* root since at least1994 Theo de Raadt (Jun 29)
  - Buggy ARP handling in Windoze Paul Starzetz (Jun 29)
    - Re: Buggy ARP handling in Windoze Jurjen Oskam (Jun 29)
    - Re: Buggy ARP handling in Windoze Steven Alexander (Jun 29)
    - vpopmail-3.4.11 problems H D Moore (Jun 29)
    - CONECTIVA LINUX SECURITY ANNOUNCEMENT - dump Conectiva Security (Jun 30)