exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Debian Linux Security Advisory 1086-1

Debian Linux Security Advisory 1086-1
Posted Jun 3, 2006
Authored by Debian | Site debian.org

Debian Security Advisory 1086-1: The xmcdconfig creates directories world-writeable allowing local users to fill the /usr and /var partition and hence cause a denial of service. This problem has been half-fixed since version 2.3-1.

tags | advisory, denial of service, local
systems | linux, debian
SHA-256 | 6c651630037fb5a3d3e0c09a5a7566cd2e210e7396cd7553174d3d3cea923642
Download | Favorite | View

Debian Linux Security Advisory 1086-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1086-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
June 2nd, 2006                          http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : xmcd
Vulnerability  : design flaw
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2006-2542
Debian Bug     : 366816

The xmcdconfig creates directories world-writeable allowing local
users to fill the /usr and /var partition and hence cause a denial of
service.  This problem has been half-fixed since version 2.3-1.

For the old stable distribution (woody) this problem has been fixed in
version 2.6-14woody1.

For the stable distribution (sarge) this problem has been fixed in
version 2.6-17sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 2.6-18.

We recommend that you upgrade your xmcd package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1.dsc
      Size/MD5 checksum:      619 42038224877b80e57969e82e14a6ee5a
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1.diff.gz
      Size/MD5 checksum:    19169 3144b9f7dc78b1a0a668eff06ded3b08
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6.orig.tar.gz
      Size/MD5 checksum:   553934 ce3208e21d8e37059e44ce9310d08f5f

  Alpha architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_alpha.deb
      Size/MD5 checksum:    65648 d4beba33b15cdef57c315666e9dbeaf3
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_alpha.deb
      Size/MD5 checksum:   458520 da2013cefff5009ed770397ea7cf23fe

  ARM architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_arm.deb
      Size/MD5 checksum:    60464 2a9f06c9a2f888ea56ac62bdfe2eb05e
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_arm.deb
      Size/MD5 checksum:   378038 932f832766a947aac29d9b40f2f8a026

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_i386.deb
      Size/MD5 checksum:    58970 506435aef6b9a12c0715e73dea67eefd
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_i386.deb
      Size/MD5 checksum:   324960 2eba0f70812dada62ec2fb3f3b054318

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_ia64.deb
      Size/MD5 checksum:    66140 6d3eff9fdf1d9c6052c9554bc4dd584a
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_ia64.deb
      Size/MD5 checksum:   543700 dce5ff73c754b4425fe642117a52f5fa

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_hppa.deb
      Size/MD5 checksum:    60954 f48d59a10a2891bdb1842da42fe0b0f4
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_hppa.deb
      Size/MD5 checksum:   406294 2b12245768fce9c5f57cc4a8818ea1be

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_m68k.deb
      Size/MD5 checksum:    58890 ce57236e978ed6310d23cf1cfede3224
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_m68k.deb
      Size/MD5 checksum:   309832 0de1924af1c4981505849da8e6b8c7af

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_mips.deb
      Size/MD5 checksum:    61476 8a4dcea7adbfb4a1c3294a2622e05d15
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_mips.deb
      Size/MD5 checksum:   377170 91d622c19970fe0dcda24f63e85c7350

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_mipsel.deb
      Size/MD5 checksum:    61436 27eaa3e4c2365f2e4b49c526acc3df00
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_mipsel.deb
      Size/MD5 checksum:   378122 c9b63596911f83c72a4c9b7fbd01abf0

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_powerpc.deb
      Size/MD5 checksum:    60998 74e9b62e02f69db4dfedab57100904dd
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_powerpc.deb
      Size/MD5 checksum:   364402 28547836494d0142a84c2bf58888c6bf

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_s390.deb
      Size/MD5 checksum:    59818 8d3d1ca6ff1fd1ceb32c42b73d4fe3bb
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_s390.deb
      Size/MD5 checksum:   347966 dd3cc13ee026156516f315b77cb1f06b

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-14woody1_sparc.deb
      Size/MD5 checksum:    62724 597ddc3fe6e1c56a3ecb78e2b46c7fd4
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-14woody1_sparc.deb
      Size/MD5 checksum:   361214 e93e33fe714c4b5429eb7a2bce8ba0ea


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1.dsc
      Size/MD5 checksum:      619 25a530a0383c4ab2cbc2d23a6c95d5f2
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1.diff.gz
      Size/MD5 checksum:    20482 d9ce89eebe6f068df0c1d49eacc0bb4b
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6.orig.tar.gz
      Size/MD5 checksum:   553934 ce3208e21d8e37059e44ce9310d08f5f

  Alpha architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_alpha.deb
      Size/MD5 checksum:    62480 d99e5ad3da64edbfbc6a9e5c610683e1
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_alpha.deb
      Size/MD5 checksum:   452252 19bf881ff9a11a1d398d97ef2158f07c

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_amd64.deb
      Size/MD5 checksum:    60974 d14a6718ad2f95983d0af699aa585df2
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_amd64.deb
      Size/MD5 checksum:   375978 1064343cbef2794c637ce6431935280b

  ARM architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_arm.deb
      Size/MD5 checksum:    60052 870eb636eb62c6b3d5fc310d82e9ae2c
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_arm.deb
      Size/MD5 checksum:   363752 cf23e90fa86d845a66c297a12de2c887

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_i386.deb
      Size/MD5 checksum:    59976 95f0064a7b485df46d6275e3ba98b28e
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_i386.deb
      Size/MD5 checksum:   347032 2e5dfd037ca6a7d7e7ef77fa5b3cdd6a

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_ia64.deb
      Size/MD5 checksum:    64146 9cf8c9c4c9aa5a6bf8da06ff9079e4df
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_ia64.deb
      Size/MD5 checksum:   521072 6759905bab7f05d9cba71fa19b7b971d

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_hppa.deb
      Size/MD5 checksum:    61618 578d619050afd48ba63fbb103a443673
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_hppa.deb
      Size/MD5 checksum:   399428 b7c61aa93ff2efd42cb4375940b675df

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_m68k.deb
      Size/MD5 checksum:    59428 a95f8b6d48635de344faf79d8dce01f5
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_m68k.deb
      Size/MD5 checksum:   311534 313f9f8e4db059b0c58bc37ef61fe6cd

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_mips.deb
      Size/MD5 checksum:    61656 35c929f75f4ab0989ab7fe94afe08a3d
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_mips.deb
      Size/MD5 checksum:   379520 57b63417bfb1d07afb79767268e56022

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_mipsel.deb
      Size/MD5 checksum:    61688 63b48f033d11adeb78d933e36ad0a904
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_mipsel.deb
      Size/MD5 checksum:   381286 0e05464ae0243e4c6abfa50d21bf032c

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_powerpc.deb
      Size/MD5 checksum:    60740 5bfc0950afeb05321af3623f90b015e4
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_powerpc.deb
      Size/MD5 checksum:   372902 e1706bbfe5c2e920465f339824c3639a

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_s390.deb
      Size/MD5 checksum:    60742 95dcd70b6713309c6f0d57017b024ed7
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_s390.deb
      Size/MD5 checksum:   364676 0e28c9bf8c98276469af3b7a906f9c39

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/x/xmcd/cddb_2.6-17sarge1_sparc.deb
      Size/MD5 checksum:    59944 6057d32cd180068884fa63923163cc92
    http://security.debian.org/pool/updates/main/x/xmcd/xmcd_2.6-17sarge1_sparc.deb
      Size/MD5 checksum:   354052 51387f66a75f9ab56fa036b970ace931


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEgA8TW5ql+IAeqTIRAnJoAKCo+RUx++bsD3QhPyrN+SVRsLn4fgCgom2y
kuqz0ZtlJqekaiMevzgL5EQ=
=T6Q7
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    8 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    11 Files
  • 23
    Apr 23rd
    68 Files
  • 24
    Apr 24th
    23 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close