Debian Security Advisory

userv -- local exploit

Date Reported:

27 Jul 2000

Affected Packages:

userv

Vulnerable:

Yes

Security database references:

No other external database security references currently available.

More information:

The version of userv that was distributed with Debian GNU/Linux 2.1 (slink) had a problem in the fd swapping algorithm: it could sometimes make an out-of-bounds array reference. It might be possible for local users to abuse this to carry out unauthorised actions or be able to take control for service user accounts.

This has been fixed in version 1.0.1.0slink for Debian GNU/Linux 2.1, and version 1.0.1.1potato for Debian GNU/Linux 2.2.

Fixed in:

Debian GNU/Linux 2.1 (slink):

Source:: http://security.debian.org/dists/slink/updates/source/userv_1.0.1.0slink.dsc; http://security.debian.org/dists/slink/updates/source/userv_1.0.1.0slink.tar.gz
alpha:: http://security.debian.org/dists/slink/updates/binary-alpha/userv_1.0.1.0slink_alpha.deb
i386:: http://security.debian.org/dists/slink/updates/binary-i386/userv_1.0.1.0slink_i386.deb
m68k:: http://security.debian.org/dists/slink/updates/binary-m68k/userv_1.0.1.0slink_m68k.deb
sparc:: http://security.debian.org/dists/slink/updates/binary-sparc/userv_1.0.1.0slink_sparc.deb

Debian GNU/Linux 2.2 (potato)

Source:: http://security.debian.org/dists/potato/updates/main/source/userv_1.0.1.1potato.dsc; http://security.debian.org/dists/potato/updates/main/source/userv_1.0.1.1potato.tar.gz
alpha:: http://security.debian.org/dists/potato/updates/main/binary-alpha/userv_1.0.1.1potato_alpha.deb
i386:: http://security.debian.org/dists/potato/updates/main/binary-i386/userv_1.0.1.1potato_i386.deb
sparc:: http://security.debian.org/dists/potato/updates/main/binary-sparc/userv_1.0.1.1potato_sparc.deb