Bug#278777: xsok: unfixed buffer overflow (CAN-2004-0074)

2004-11-01 Thread Martin Schulze
Steve Kemp wrote: > On Fri, Oct 29, 2004 at 10:12:33PM +0200, Frank Lichtenheld wrote: > > > Perhaps someone with a little more experience in identifying security > > problems should take a look, too. I CC'ed debian-security. > > Here's a quick summary: > > To be clear there are three flaws

Bug#278777: xsok: unfixed buffer overflow (CAN-2004-0074)

2004-11-01 Thread Steve Kemp
On Fri, Oct 29, 2004 at 10:12:33PM +0200, Frank Lichtenheld wrote: > Perhaps someone with a little more experience in identifying security > problems should take a look, too. I CC'ed debian-security. Here's a quick summary: To be clear there are three flaws being discussed in xsok: CAN-

Bug#278777: xsok: unfixed buffer overflow (CAN-2004-0074)

2004-10-29 Thread Frank Lichtenheld
tags 278777 security thanks On Fri, Oct 29, 2004 at 09:46:00PM +0200, Thomas Wana wrote: > Frank Lichtenheld wrote: > > > >But you too, since that was the wrong part ;) The LANG vuln is fixed in > >the current package (the patch is in debian/patches and gets applied at > >build time). I guess the

Processed: Re: Bug#278777: xsok: unfixed buffer overflow (CAN-2004-0074)

2004-10-29 Thread Debian Bug Tracking System
Processing commands for [EMAIL PROTECTED]: > tags 278777 security Bug#278777: xsok: unfixed buffer overflow (CAN-2004-0074) Tags were: moreinfo Tags added: security > thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system adminis

Bug#278777: xsok: unfixed buffer overflow (CAN-2004-0074)

2004-10-29 Thread Thomas Wana
Frank Lichtenheld wrote: But you too, since that was the wrong part ;) The LANG vuln is fixed in the current package (the patch is in debian/patches and gets applied at build time). I guess the -xsokdir vuln could be not fixed, I will check that. oh - oh - fsck :) Yes, I didn't check the patch

Bug#278777: xsok: unfixed buffer overflow (CAN-2004-0074)

2004-10-29 Thread Frank Lichtenheld
On Fri, Oct 29, 2004 at 09:21:09PM +0200, Thomas Wana wrote: > Frank Lichtenheld wrote: > >Hmm, the patch from the DSA is included in the package... Or do you > >mean that the patch is flawed? > > Do you mean DSA-405-1 (http://lwn.net/Articles/64725/)? That DSA > is referring to CAN-2003-0949, whic

Bug#278777: xsok: unfixed buffer overflow (CAN-2004-0074)

2004-10-29 Thread Thomas Wana
Frank Lichtenheld wrote: Hmm, the patch from the DSA is included in the package... Or do you mean that the patch is flawed? Do you mean DSA-405-1 (http://lwn.net/Articles/64725/)? That DSA is referring to CAN-2003-0949, which indeed seems to be fixed, but CAN-2004-0074 (which this bug is about)

Bug#278777: xsok: unfixed buffer overflow (CAN-2004-0074)

2004-10-29 Thread Frank Lichtenheld
tags 278777 moreinfo thanks On Fri, Oct 29, 2004 at 12:22:11PM +0200, Thomas Wana wrote: > This orphaned package still contains the local buffer overflow described > in http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0074 which > leads to privilege escalation (group games). Hmm, the pa

Bug#278777: xsok: unfixed buffer overflow (CAN-2004-0074)

2004-10-29 Thread Thomas Wana
Package: xsok Severity: critical Justification: security hole This orphaned package still contains the local buffer overflow described in http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0074 which leads to privilege escalation (group games). Tom -- System Information: Debian Release: