Bacheca Debian sulla sicurezza

DSA-149-1 glibc -- overflow di intero

Data della segnalazione:

13 ago 2002

Pacchetti coinvolti:

Vulnerabile:

Sì

Referenze all'interno del database della sicurezza:

Nel database Bugtraq (presso SecurityFocus): Numero del bug 5356.
Nel dizionario CVE di Mitre: CVE-2002-0391.
Annunci di vulnerabilità e note d'incidenti del CERT: VU#192995.

Maggiori informazioni:

Un bug relativo ad un overflow di intero è stato scoperto nella libreria RPC utilizzata dalla GNU libc e che è derivata dalla libreria SunRPC. Questo bug può essere sfruttato, tramite qualsiasi software che utilizzi questa libreria, per ottenere l'accesso non autorizzato come utente root. I pacchetti sottostanti correggono anche un altro overflow di intero all'interno del codice di malloc. Inoltre c'è una correzione di Andreas Schwab che riduce linebuflen oltre ad incrementare il puntatore ad un buffer utilizzato nel codice di NSS DNS.

Questo problema è stato corretto nella versione 2.1.3-23 della precedente distribuzione stable (potato), nella versione 2.2.5-11.1 per la attuale distribuzione stable (woody) e nella versione 2.2.5-13 per la distribuzione unstable (sid).

Si suggerisce di aggiornare immediatamente il pacchetto libc6.

Risolto in:

Debian GNU/Linux 2.2 (potato)

Sorgente:: http://security.debian.org/pool/updates/main/g/glibc/glibc_2.1.3-24.dsc; http://security.debian.org/pool/updates/main/g/glibc/glibc_2.1.3-24.diff.gz; http://security.debian.org/pool/updates/main/g/glibc/glibc_2.1.3.orig.tar.gz
Componente indipendente dall'architettura:: http://security.debian.org/pool/updates/main/g/glibc/glibc-doc_2.1.3-24_all.deb; http://security.debian.org/pool/updates/main/g/glibc/i18ndata_2.1.3-24_all.deb
Alpha:: http://security.debian.org/pool/updates/main/g/glibc/libc6.1_2.1.3-24_alpha.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dbg_2.1.3-24_alpha.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dev_2.1.3-24_alpha.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6.1-pic_2.1.3-24_alpha.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6.1-prof_2.1.3-24_alpha.deb; http://security.debian.org/pool/updates/main/g/glibc/libnss1-compat_2.1.3-24_alpha.deb; http://security.debian.org/pool/updates/main/g/glibc/locales_2.1.3-24_alpha.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.1.3-24_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.1.3-24_arm.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.1.3-24_arm.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.1.3-24_arm.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.1.3-24_arm.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.1.3-24_arm.deb; http://security.debian.org/pool/updates/main/g/glibc/locales_2.1.3-24_arm.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.1.3-24_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.1.3-24_i386.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.1.3-24_i386.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.1.3-24_i386.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.1.3-24_i386.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.1.3-24_i386.deb; http://security.debian.org/pool/updates/main/g/glibc/libnss1-compat_2.1.3-24_i386.deb; http://security.debian.org/pool/updates/main/g/glibc/locales_2.1.3-24_i386.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.1.3-24_i386.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.1.3-24_m68k.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.1.3-24_m68k.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.1.3-24_m68k.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.1.3-24_m68k.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.1.3-24_m68k.deb; http://security.debian.org/pool/updates/main/g/glibc/libnss1-compat_2.1.3-24_m68k.deb; http://security.debian.org/pool/updates/main/g/glibc/locales_2.1.3-24_m68k.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.1.3-24_m68k.deb
PowerPC:: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.1.3-24_powerpc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.1.3-24_powerpc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.1.3-24_powerpc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.1.3-24_powerpc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.1.3-24_powerpc.deb; http://security.debian.org/pool/updates/main/g/glibc/locales_2.1.3-24_powerpc.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.1.3-24_powerpc.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.1.3-24_sparc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.1.3-24_sparc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.1.3-24_sparc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.1.3-24_sparc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.1.3-24_sparc.deb; http://security.debian.org/pool/updates/main/g/glibc/locales_2.1.3-24_sparc.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.1.3-24_sparc.deb

Debian GNU/Linux 3.0 (woody)

Sorgente:: http://security.debian.org/pool/updates/main/g/glibc/glibc_2.2.5-11.2.dsc; http://security.debian.org/pool/updates/main/g/glibc/glibc_2.2.5-11.2.diff.gz; http://security.debian.org/pool/updates/main/g/glibc/glibc_2.2.5.orig.tar.gz
Componente indipendente dall'architettura:: http://security.debian.org/pool/updates/main/g/glibc/glibc-doc_2.2.5-11.2_all.deb; http://security.debian.org/pool/updates/main/g/glibc/locales_2.2.5-11.2_all.deb
Alpha:: http://security.debian.org/pool/updates/main/g/glibc/libc6.1_2.2.5-11.2_alpha.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dbg_2.2.5-11.2_alpha.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dev_2.2.5-11.2_alpha.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6.1-pic_2.2.5-11.2_alpha.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6.1-prof_2.2.5-11.2_alpha.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.2_alpha.deb
ARM:: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.2_arm.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.2_arm.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.2_arm.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.2_arm.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.2_arm.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.2_arm.deb
Intel IA-32:: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.2_i386.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.2_i386.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.2_i386.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.2_i386.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.2_i386.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.2_i386.deb
Intel IA-64:: http://security.debian.org/pool/updates/main/g/glibc/libc6.1_2.2.5-11.2_ia64.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dbg_2.2.5-11.2_ia64.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dev_2.2.5-11.2_ia64.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6.1-pic_2.2.5-11.2_ia64.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6.1-prof_2.2.5-11.2_ia64.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.2_ia64.deb
HP Precision:: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.2_hppa.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.2_hppa.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.2_hppa.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.2_hppa.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.2_hppa.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.2_hppa.deb
Motorola 680x0:: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.2_m68k.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.2_m68k.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.2_m68k.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.2_m68k.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.2_m68k.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.2_m68k.deb
Big endian MIPS:: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.2_mips.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.2_mips.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.2_mips.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.2_mips.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.2_mips.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.2_mips.deb
Little endian MIPS:: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.2_mipsel.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.2_mipsel.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.2_mipsel.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.2_mipsel.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.2_mipsel.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.2_mipsel.deb
PowerPC:: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.2_powerpc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.2_powerpc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.2_powerpc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.2_powerpc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.2_powerpc.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.2_powerpc.deb
IBM S/390:: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.2_s390.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.2_s390.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.2_s390.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.2_s390.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.2_s390.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.2_s390.deb
Sun Sparc:: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.2_sparc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.2_sparc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.2_sparc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-sparc64_2.2.5-11.2_sparc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.2_sparc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.2_sparc.deb; http://security.debian.org/pool/updates/main/g/glibc/libc6-sparc64_2.2.5-11.2_sparc.deb; http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.2_sparc.deb

Somma di controllo MD5 per i file in elenco disponibile nella notizia originale.