[11722] in bugtraq
Re: Debian not vulnerable to recent cron buffer overflow
daemon@ATHENA.MIT.EDU (Ethan King)
Tue Sep 7 19:38:54 1999
Mime-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Message-Id: <199909031609.MAA00214@smtp.mathworks.com>
Date: Fri, 3 Sep 1999 12:07:31 -0400
Reply-To: Ethan King <ethan@MATHWORKS.COM>
From: Ethan King <ethan@MATHWORKS.COM>
X-To: Peter Wemm <peter@netplex.com.au>, BUGTRAQ@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
>> > Debian has
>> > discovered this bug two years ago and fixed it. Therefore versions in
>> > both, the stable and the unstable, distributions of Debian are not
>> > vulnerable to this problem..
Regardless of which, I was successfully able to take advantage of the
overflow on Debian (GNU/Linux) 2.1, every time, every machine. However the
patch which was supplied to this list earlier in the week indeed fixes the
issue. URL re-posted below...
>> Does anyone know if Debian never sent the fix to Paul Vixie, or if it was
>> sent and Paul "missed it"?
Seems like a good question. But it's really old news at this point, and
some of it has been for quite a while now.
--Ethan
--
Ethan King
Unix Group, SSG.
The MathWorks
1999
--
[re-posted from aleph1's forward from debian, earlier this week]
We recommend you upgrade your cron package immediately.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.1 alias slink
--------------------------------
This version of Debian was released only for the Intel, the
Motorola 68xxx, the alpha and the Sun sparc architecture.
Source archives:
http://security.debian.org/dists/stable/updates/source/cron_3.0pl1-50.2.diff
.gz
MD5 checksum: 96a4b55e06127c4a6cf31ee511227adb
http://security.debian.org/dists/stable/updates/source/cron_3.0pl1-50.2.dsc
MD5 checksum: 3998735f00d3f10a5e290227db6bf611
http://security.debian.org/dists/stable/updates/source/cron_3.0pl1.orig.tar.
gz
MD5 checksum: 4c64aece846f8483daf440f8e3dd210f
Alpha architecture:
http://security.debian.org/dists/stable/updates/binary-alpha/cron_3.0pl1-50.
2_alpha.deb
MD5 checksum: cbab162fffd7dba71373b3eb62201b52
Intel ia32 architecture:
http://security.debian.org/dists/stable/updates/binary-i386/cron_3.0pl1-50.2
_i386.deb
MD5 checksum: 85d9ffff103d0121101b7b80817d0abe
Motorola 680x0 architecture:
http://security.debian.org/dists/stable/updates/binary-m68k/cron_3.0pl1-50.2
_m68k.deb
MD5 checksum: 62a039991c237a92c4a3cdcef4a328d7
Sun Sparc architecture:
http://security.debian.org/dists/stable/updates/binary-sparc/cron_3.0pl1-50.
2_sparc.deb
MD5 checksum: 56f5e099ab621572b560706e1eec9ebb
Debian GNU/Linux pre2.2 alias potato
------------------------------------
Source archives:
http://security.debian.org/dists/unstable/updates/source/cron_3.0pl1-52.diff
.gz
MD5 checksum: f500a0dc7175d64de4822f159a51d739
http://security.debian.org/dists/unstable/updates/source/cron_3.0pl1-52.dsc
MD5 checksum: 1a16af335a106805ecdd6585a75ee61a
http://security.debian.org/dists/unstable/updates/source/cron_3.0pl1.orig.ta
r.gz
MD5 checksum: 4c64aece846f8483daf440f8e3dd210f
Alpha architecture:
http://security.debian.org/dists/unstable/updates/binary-alpha/cron_3.0pl1-5
2_alpha.deb
MD5 checksum: 8e5246a79269b8f489a3cdb7efc41661
ARM architecture:
http://security.debian.org/dists/unstable/updates/binary-arm/cron_3.0pl1-52_
arm.deb
MD5 checksum: 8d103d4a60ec94d1f0fb07caabd34575
Intel ia32 architecture:
http://security.debian.org/dists/unstable/updates/binary-i386/cron_3.0pl1-52
_i386.deb
MD5 checksum: a7f8de4f43aa21e2fe94fe602c6c2c83
Motorola 680x0 architecture:
http://security.debian.org/dists/unstable/updates/binary-m68k/cron_3.0pl1-52
_m68k.deb
MD5 checksum: b2e866ecc10e95094202327eab5fc0fd
PowerPC architecture:
http://security.debian.org/dists/unstable/updates/binary-powerpc/cron_3.0pl1
-52_powerpc.deb
MD5 checksum: 058a25564bc7c9c6fb153eafa0126cee
Sun Sparc architecture:
http://security.debian.org/dists/unstable/updates/binary-sparc/cron_3.0pl1-5
2_sparc.deb
MD5 checksum: ed34f37c41d9322ba094ede04d8d2e16
For not yet released architectures please refer to the appropriate
directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .
----------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable updates
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates
Mailing list: debian-security-announce@lists.debian.org
