oops-1.4.22 vulnerability

To: security@debian.org, debian-devel@lists.debian.org
Subject: oops-1.4.22 vulnerability
From: Tamas SZERB <toma@rulez.org>
Date: Thu, 14 Dec 2000 02:50:00 +0100 (CET)
Message-id: <[🔎] Pine.LNX.4.21.0012140241020.1628-100000@mlf.linux.rulez.org>

oops-1.4.22 has a buffer overflow vulnerability mentioned by the bugtraq
with the ID of 2099, but it is fixed now in the newer version.

Please upgrade to this newer, 1.5.1 version that is currently in the
upload queue at samosa.

The related information from the http://www.securityfocus.com/ :

/* cut */

Oops is a freely available proxy server package, written by Igor Khasilev.
A problem exists in the package which could allow for the arbitrary
execution of code.

The problem occurs in the ftp_utils section of the program. It is possible
to make a request with numerous quotation marks (") in the request, which
are later translated to the html tag "&quot;". The translation of this
character makes it possible to overflow and potentially execute code on
the stack. This makes it possible for a malicious user to execute code
with the privileges of the user the proxy server is operating as.

/* cut */

--
VWOL
Tamas SZERB <toma@rulez.org>
GPG public key: http://alabama.inf.elte.hu/~toma/gpgkey-toma.asc

Reply to:

Prev by Date: Re: ITP: water -- A graphical water effect demo.
Next by Date: Re: ITP: water -- A graphical water effect demo.
Previous by thread: Re: ITP: fspanel - a minimilist panel to replace Gnome's and KDE's
Next by thread: linux threads man pages
Index(es):
- Date
- Thread