Debian Security Advisory

DSA-1190-1 maxdb-7.5.00 -- buffer overflow

Date Reported: 04 Oct 2006
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 386182.
In Mitre's CVE dictionary: CVE-2006-4305.
More information:

Oliver Karow discovered that the WebDBM frontend of the MaxDB database performs insufficient sanitising of requests passed to it, which might lead to the execution of arbitrary code.

For the stable distribution (sarge) this problem has been fixed in version

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your maxdb-7.5.00 package.

Fixed in:

Debian GNU/Linux 3.1 (sarge)

Intel IA-32:
Intel IA-64:

MD5 checksums of the listed files are available in the original advisory.