Debians sikkerhedsbulletin
DSA-687-1 bidwatcher -- formatstreng
- Rapporteret den:
- 18. feb 2005
- Berørte pakker:
- bidwatcher
- Sårbar:
- Ja
- Referencer i sikkerhedsdatabaser:
- I Mitres CVE-ordbog: CVE-2005-0158.
- Yderligere oplysninger:
-
Ulf Härnhammar fra Debians sikkerhedsauditprojekt har opdaget en formatstrengssårbarhed i bidwatcher, et værktøj der anvendes til at overvåge og byde på eBay-auktioner. Problemet kan fjernudløses med en af eBays webservere eller af nogen der giver sig ud for at være eBay, som sender bestemte data retur. Fra og med version 1.3.17 anvender programmet cURL og er ikke længere sårbart.
I den stabile distribution (woody) er dette problem rettet i version 1.3.3-1woody1.
I den ustabile distribution (sid) vil dette problem snart blive rettet.
Vi anbefaler at du opgraderer din bidwatcher-pakke.
- Rettet i:
-
Debian GNU/Linux 3.0 (woody)
- Kildekode:
- http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1.dsc
- http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1.diff.gz
- http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3.orig.tar.gz
- http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/b/bidwatcher/bidwatcher_1.3.3-1woody1_sparc.deb
MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.