Debian Security Advisory

DSA-461-1 calife -- buffer overflow

Date Reported:
11 Mar 2004
Affected Packages:
Security database references:
In the Bugtraq database (at SecurityFocus): BugTraq ID 9756.
In Mitre's CVE dictionary: CVE-2004-0188.
More information:

Leon Juranic discovered a buffer overflow related to the getpass(3) library function in calife, a program which provides super user privileges to specific users. A local attacker could potentially exploit this vulnerability, given knowledge of a local user's password and the presence of at least one entry in /etc/calife.auth, to execute arbitrary code with root privileges.

For the current stable distribution (woody) this problem has been fixed in version 2.8.4c-1woody1.

For the unstable distribution (sid) this problem has been fixed in version 2.8.6-1.

We recommend that you update your calife package.

Fixed in:

Debian GNU/Linux 3.0 (woody)

Intel IA-32:
Intel IA-64:
Motorola 680x0:
Big endian MIPS:
Little endian MIPS:
IBM S/390:
Sun Sparc:

MD5 checksums of the listed files are available in the original advisory.