Debian Security Advisory
DSA-116-1 cfs -- buffer overflow
- Date Reported:
- 02 Mar 2002
- Affected Packages:
- cfs
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2002-0351.
- More information:
-
Zorgon found several buffer overflows in cfsd, a daemon that pushes encryption services into the Unix(tm) file system. We are not yet sure if these overflows can successfully be exploited to gain root access to the machine running the CFS daemon. However, since cfsd can easily be forced to die, a malicious user can easily perform a denial of service attack to it.
This problem has been fixed in version 1.3.3-8.1 for the stable Debian distribution and in version 1.4.1-5 for the testing and unstable distribution of Debian.
We recommend that you upgrade your cfs package immediately.
- Fixed in:
-
Debian GNU/Linux 2.2 (potato)
- Source:
- http://security.debian.org/dists/stable/updates/main/source/cfs_1.3.3-8.1.dsc
- http://security.debian.org/dists/stable/updates/main/source/cfs_1.3.3-8.1.diff.gz
- http://security.debian.org/dists/stable/updates/main/source/cfs_1.3.3.orig.tar.gz
- http://security.debian.org/dists/stable/updates/main/source/cfs_1.3.3-8.1.diff.gz
- Alpha:
- http://security.debian.org/dists/stable/updates/main/binary-alpha/cfs_1.3.3-8.1_alpha.deb
- ARM:
- http://security.debian.org/dists/stable/updates/main/binary-arm/cfs_1.3.3-8.1_arm.deb
- Intel ia32:
- http://security.debian.org/dists/stable/updates/main/binary-i386/cfs_1.3.3-8.1_i386.deb
- Motorola 680x0:
- http://security.debian.org/dists/stable/updates/main/binary-m68k/cfs_1.3.3-8.1_m68k.deb
- PowerPC:
- http://security.debian.org/dists/stable/updates/main/binary-powerpc/cfs_1.3.3-8.1_powerpc.deb
- Sun Sparc:
- http://security.debian.org/dists/stable/updates/main/binary-sparc/cfs_1.3.3-8.1_sparc.deb
MD5 checksums of the listed files are available in the original advisory.