
Re: [SECURITY] [DSA 122-1] New zlib & other packages fix buffer overflow



On Mon, Mar 11, 2002 at 08:52:54PM -0600, Steve Langasek wrote:

> dpkg doesn't normally run on a network port, so exploiting it doesn't get
> you local access unless you already have it; and it's not suid, so running
> it from commandline doesn't let you get root.  Therefore, there is no
> security hole opened by a vulnerability in dpkg.

Not so; other, more subtle attack vectors are possible.  For example, the
superuser could use dpkg-deb --extract on a hostile binary .deb.  This
should be a safe operation, given a properly controlled environment, but by
exploiting this bug, dpkg could be tricked into executing arbitrary code.

-- 
 - mdz


