Debian Security Advisory
amd -- Buffer overflow in amd -- update
- Date Reported:
- 18 Oct 1999
- Affected Packages:
-
amd
- Vulnerable:
- Yes
- Security database references:
- In the Bugtraq database (at SecurityFocus): BugTraq ID 614.
In Mitre's CVE dictionary: CVE-1999-0704.
CERT's vulnerabilities, advisories and incident notes: CA-1999-12.
- More information:
- The version of amd that was distributed with Debian
GNU/Linux 2.1 is vulnerable to a remote exploit. Passing a big directory
name to amd's logging code would overflow a buffer which could be
exploited. That vulnerability was fixed in version 23.0slink1, see the
DSA page on 24 Sep 1999 for amd. However, that fix
contained an error which has been corrected in version upl102-23.slink2.
Use the information below to get corrected packages.
- Fixed in:
-
- Source:
- http://security.debian.org/dists/slink/updates/source/amd_upl102-23.slink2.diff.gz
- http://security.debian.org/dists/slink/updates/source/amd_upl102-23.slink2.dsc
- http://security.debian.org/dists/slink/updates/source/amd_upl102.orig.tar.gz
- Alpha:
- http://security.debian.org/dists/slink/updates/binary-alpha/amd_upl102-23.slink2_alpha.deb
- i386:
- http://security.debian.org/dists/slink/updates/binary-i386/amd_upl102-23.slink2_i386.deb
- m68k:
- http://security.debian.org/dists/slink/updates/binary-m68k/amd_upl102-23.slink2_m68k.deb
- sparc:
- http://security.debian.org/dists/slink/updates/binary-sparc/amd_upl102-23.slink2_sparc.deb
