<<< Date Index >>>     <<< Thread Index >>>

[SECURITY] [DSA 975-1] New nfs-user-server packages fix arbitrary code execution



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 975-1                     security@xxxxxxxxxx
http://www.debian.org/security/                         Moritz Muehlenhoff
February 15th, 2006                     http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : nfs-user-server
Vulnerability  : buffer overflow
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2006-0043
Debian Bug     : 350020

Marcus Meissner discovered that attackers can trigger a buffer overflow
in the path handling code by creating or abusing existing symlinks, which
may lead to the execution of arbitrary code.

This vulnerability isn't present in the kernel NFS server.

This update includes a bugfix for attribute handling of symlinks. This
fix does not have security implications, but at the time when this DSA
was prepared it was already queued for the next stable point release, so
we decided to include it beforehand.

For the old stable distribution (woody) this problem has been fixed in
version 2.2beta47-12woody1.

For the stable distribution (sarge) this problem has been fixed in
version 2.2beta47-20sarge2.

For the unstable distribution (sid) this problem has been fixed in
version 2.2beta47-22.

We recommend that you upgrade your nfs-user-server package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-12woody1.dsc
      Size/MD5 checksum:      727 f4971401042d4274c2cb4849c3322593
    
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-12woody1.diff.gz
      Size/MD5 checksum:     8752 9380de4b1fd8936dc4b19af0b57040b6
    
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47.orig.tar.gz
      Size/MD5 checksum:   198202 79a29fe9f79b2f3241d4915767b8c511

  Alpha architecture:

    
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-12woody1_alpha.deb
      Size/MD5 checksum:   119962 37cfb09732006201cde06683d2a9a4d9
    
http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-12woody1_alpha.deb
      Size/MD5 checksum:    26790 103f998c7a540b9ac7062b6f62665671

  ARM architecture:

    
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-12woody1_arm.deb
      Size/MD5 checksum:   100406 0edad22179223402ac88f45fda7d1c7d
    
http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-12woody1_arm.deb
      Size/MD5 checksum:    25010 c42c15bad3488459267edb127bae00db

  Intel IA-32 architecture:

    
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-12woody1_i386.deb
      Size/MD5 checksum:    97778 ec19dcb4ae4acc430555962d728e326e
    
http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-12woody1_i386.deb
      Size/MD5 checksum:    25030 a7091d7be5eb9dd028efd7583a9af598

  Intel IA-64 architecture:

    
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-12woody1_ia64.deb
      Size/MD5 checksum:   140182 88fa7ef8e9993c8660506f2e90b28f85
    
http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-12woody1_ia64.deb
      Size/MD5 checksum:    28224 c4b5fa3f0dcab42a066eea6366dae92d

  HP Precision architecture:

    
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-12woody1_hppa.deb
      Size/MD5 checksum:   112212 796f3f24a5eb4b618e0cf831d06cbd29
    
http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-12woody1_hppa.deb
      Size/MD5 checksum:    25880 bd51ab530c8a099dc077888a86f656e7

  Motorola 680x0 architecture:

    
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-12woody1_m68k.deb
      Size/MD5 checksum:    94898 4b63d1ee24bdc0dbd75513bcd650894f
    
http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-12woody1_m68k.deb
      Size/MD5 checksum:    24930 5d2768fb43739ef682561e2399ee2cd0

  Big endian MIPS architecture:

    
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-12woody1_mips.deb
      Size/MD5 checksum:   111030 459c4f52cdd13b0cf1917d142d0c03b2
    
http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-12woody1_mips.deb
      Size/MD5 checksum:    25540 dfcdfe4d7c1b8f1274630c7db761c914

  Little endian MIPS architecture:

    
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-12woody1_mipsel.deb
      Size/MD5 checksum:   111446 9f2f37c96fabc15e037d821f84dafab8
    
http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-12woody1_mipsel.deb
      Size/MD5 checksum:    25590 fe7a5c5d0d7fb22cf59fac74b0f08e61

  PowerPC architecture:

    
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-12woody1_powerpc.deb
      Size/MD5 checksum:   103378 bb684d3b6ace660a06608677bf42abca
    
http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-12woody1_powerpc.deb
      Size/MD5 checksum:    25176 b1a5f42c93c86bedf01f459e02800604

  IBM S/390 architecture:

    
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-12woody1_s390.deb
      Size/MD5 checksum:   101950 32942df18a5cad32d78b04b68f99d606
    
http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-12woody1_s390.deb
      Size/MD5 checksum:    25608 a0babe0ae65985a7ff390c5fb5c30431

  Sun Sparc architecture:

    
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-12woody1_sparc.deb
      Size/MD5 checksum:   107812 0322f911f95274cf4e74918231110a22
    
http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-12woody1_sparc.deb
      Size/MD5 checksum:    27656 728dbf0467fc5319dda627cffb5b0f4f


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-20sarge2.dsc
      Size/MD5 checksum:      673 9b2bad20c71ddaf5a31e0764f111abc5
    
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-20sarge2.diff.gz
      Size/MD5 checksum:    12338 de7022e8239557edb4fff49d8651b9ae
    
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47.orig.tar.gz
      Size/MD5 checksum:   198202 79a29fe9f79b2f3241d4915767b8c511

  Alpha architecture:

    
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-20sarge2_alpha.deb
      Size/MD5 checksum:   122462 9fc16fc80cb69776da8f4217b45ceddd
    
http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_alpha.deb
      Size/MD5 checksum:    29580 a123ff09327972254f4b736abf1e5db0

  AMD64 architecture:

    
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-20sarge2_amd64.deb
      Size/MD5 checksum:   110186 c5938250b19c67cfb4c8352c1f4cae73
    
http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_amd64.deb
      Size/MD5 checksum:    28684 e413492c8d61bc339dca4b8586ede74a

  ARM architecture:

    
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-20sarge2_arm.deb
      Size/MD5 checksum:   102044 1020ae06e3524bb426ee0666edf8d626
    
http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_arm.deb
      Size/MD5 checksum:    27362 76018f40e851b9ea6e96e07f536dcfcf

  Intel IA-32 architecture:

    
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-20sarge2_i386.deb
      Size/MD5 checksum:   103032 4d84d4fd08b7f4ac1d2ae2f465c2b473
    
http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_i386.deb
      Size/MD5 checksum:    27564 4c8387e8923f6ca051e7faa81456fb59

  Intel IA-64 architecture:

    
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-20sarge2_ia64.deb
      Size/MD5 checksum:   136580 83ec00d7bf446c9e41c848f0af7baee6
    
http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_ia64.deb
      Size/MD5 checksum:    31386 45b03ce151804aa48c16cb87c36f571f

  HP Precision architecture:

    
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-20sarge2_hppa.deb
      Size/MD5 checksum:   112918 242ac2588388bc9878d45ceea94c57bc
    
http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_hppa.deb
      Size/MD5 checksum:    28812 c18c3bb06db6f50f9de0b60ad2d7150a

  Motorola 680x0 architecture:

    
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-20sarge2_m68k.deb
      Size/MD5 checksum:    97290 d6aba5f712d0841e7ebeae434d8a5ef3
    
http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_m68k.deb
      Size/MD5 checksum:    27162 ddfca380400f3df7ed4ca9cd888305f2

  Big endian MIPS architecture:

    
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-20sarge2_mips.deb
      Size/MD5 checksum:   113558 7c671ca41a871d1a3ae0174ec352ece7
    
http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_mips.deb
      Size/MD5 checksum:    28970 af3d00cce44cb8d316dd440ba9c5663f

  Little endian MIPS architecture:

    
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-20sarge2_mipsel.deb
      Size/MD5 checksum:   114480 62d49e116259424b08b9e0f07a8a3c96
    
http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_mipsel.deb
      Size/MD5 checksum:    29018 dc28659c54a23649d020e9d251055763

  PowerPC architecture:

    
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-20sarge2_powerpc.deb
      Size/MD5 checksum:   108538 18fd45042a32fc7e4df58e1aabcd5d58
    
http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_powerpc.deb
      Size/MD5 checksum:    29514 b35ae6a1ee9e3c076c1170b94d78ee4a

  IBM S/390 architecture:

    
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-20sarge2_s390.deb
      Size/MD5 checksum:   109840 626e4c86cb765dbef4479873b39d37ec
    
http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_s390.deb
      Size/MD5 checksum:    28672 f0d629f5273eade0b74fb1dd16e988e8

  Sun Sparc architecture:

    
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-user-server_2.2beta47-20sarge2_sparc.deb
      Size/MD5 checksum:   102856 8bcb39c3a1a7287d5b5911b2f302d04b
    
http://security.debian.org/pool/updates/main/n/nfs-user-server/ugidd_2.2beta47-20sarge2_sparc.deb
      Size/MD5 checksum:    27518 9618af8d95b951d5291ad4a7fd266393


  These files will probably be moved into the stable distribution on
  its next update.

- 
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFD8xUlW5ql+IAeqTIRAg3KAKCehrhxEas/iHJSgM+RT7KYnBiK9wCgu3Fn
xGSp7GG+I8F2jMIwY4A35rA=
=91TK
-----END PGP SIGNATURE-----