Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:5601
HistoryJan 06, 2004 - 12:00 a.m.

[Full-Disclosure] [SECURITY] [DSA 412-1] New nd packages fix buffer overflows

2004-01-0600:00:00
vulners.com
7
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Debian Security Advisory DSA 412-1 [email protected]
http://www.debian.org/security/ Matt Zimmerman
January 5th, 2004 http://www.debian.org/security/faq

Package : nd
Vulnerability : buffer overflows
Problem-Type : remote
Debian-specific: no
CVE Ids : CAN-2004-0014

Multiple vulnerabilities were discovered in nd, a command-line WebDAV
interface, whereby long strings received from the remote server could
overflow fixed-length buffers. This vulnerability could be exploited
by a remote attacker in control of a malicious WebDAV server to
execute arbitrary code if the server was accessed by a vulnerable
version of nd.

For the current stable distribution (woody) this problem has been
fixed in version 0.5.0-1woody1.

For the unstable distribution (sid) this problem has been fixed in
version 0.8.2-1.

We recommend that you update your nd package.

Upgrade Instructions

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:

http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1.dsc
  Size/MD5 checksum:      566 d2e27c164d3544a251804570379eb44c
http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1.diff.gz
  Size/MD5 checksum:     3533 4a7b92e2df684bf7f312e3a827764671
http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0.orig.tar.gz
  Size/MD5 checksum:    52117 d07741e6323fdeb38a6b4549bca02c53

Alpha architecture:

http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_alpha.deb
  Size/MD5 checksum:    20650 c67cd2e49a3a61649ce5a452d55b05eb

ARM architecture:

http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_arm.deb
  Size/MD5 checksum:    18072 3837139e2a5beba99b59984bb748315d

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_i386.deb
  Size/MD5 checksum:    17314 5edd55545dc4a923333a67aea035e095

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_ia64.deb
  Size/MD5 checksum:    24434 a538a442a1bb1b7c1cd5ee64096a3a1b

HP Precision architecture:

http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_hppa.deb
  Size/MD5 checksum:    20862 92c12defa016b8a577ddf4fb1d80fdc3

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_m68k.deb
  Size/MD5 checksum:    16622 f61ea0df91f69157ef653b406af90871

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_mips.deb
  Size/MD5 checksum:    19466 d4d60babdecee2e7612410eb8670b9df

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_mipsel.deb
  Size/MD5 checksum:    19470 e9a1e61cd15011fe1a30da782d3c7da9

PowerPC architecture:

http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_powerpc.deb
  Size/MD5 checksum:    18204 fb699d5bb90844990c52495f3863ccfe

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_s390.deb
  Size/MD5 checksum:    18212 65c7e34f77ddf46ebc4d10656772d055

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_sparc.deb
  Size/MD5 checksum:    17420 6d172963ca07e2e6ca0a1ab2bf59f67a

These files will probably be moved into the stable distribution on
its next revision.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/&lt;pkg&gt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQE/+m4NArxCt0PiXR4RAvZMAJ4jUgn+mVxT3hJuX4rUP0za5gPuBACgvY62
O+FlgwAMRnktJdDH5h5Q3Ac=
=mQ79
-----END PGP SIGNATURE-----

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Related

openvas 2
nessus 1
cve 1
debian 1
debiancve 1
osv 1
openvas
openvas
Debian: Security Advisory (DSA-412)
2008-01-17 00:00:00
Debian Security Advisory DSA 412-1 (nd)
2008-01-17 00:00:00
nessus
nessus
Debian DSA-412-1 : nd - buffer overflows
2004-09-29 00:00:00
cve
cve
CVE-2004-0014
2004-01-20 05:00:00
debian
debian
[SECURITY] [DSA 412-1] New nd packages fix buffer overflows
2004-01-06 08:13:44
debiancve
debiancve
CVE-2004-0014
2004-01-20 05:00:00
osv
osv
nd - buffer overflows
2004-01-05 00:00:00
JSON
Related for SECURITYVULNS:DOC:5601
openvas2nessus1cve1debian1debiancve1osv1