Executive Summary
| Summary | |
|---|---|
| Title | New orville-write packages fix buffer overflows |
| Informations | |||
|---|---|---|---|
| Name | DSA-326 | First vendor Publication | 2003-06-19 |
| Vendor | Debian | Last vendor Modification | 2003-06-19 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.2 | Attack Range | Local |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Orville Write, a replacement for the standard write(1) command, contains a number of buffer overflows. These could be exploited to gain either gid tty or root privileges, depending on the configuration selected when the package is installed. For the stable distribution (woody) this problem has been fixed in version 2.53-4woody1. The old stable distribution (potato) does not contain an orville-write package. For the unstable distribution (sid) this problem will be fixed soon. See Debian bug report #170747. We recommend that you update your orville-write package. |
Original Source
| Url : http://www.debian.org/security/2003/dsa-326 |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-01-17 | Name : Debian Security Advisory DSA 326-1 (orville-write) File : nvt/deb_326_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 6681 | Orville Write orville-write wrt_type.c Local Overflow A local overflow exists in Orville Write. The "wrt_type" binary fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request to the environment variable, a malicious user can cause arbitrary code execution with elevated privileges, possibly root, if the program was installed setuid, or "tty" group privileges, if the program was installed setgid, resulting in a loss of integrity. |
| 6680 | Orville Write orville-write wrt_me.c Local Overflow A local overflow exists in Orville Write. The "wrt_me" binary fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request to the environment variable, a malicious user can cause arbitrary code execution with elevated privileges, possibly root, if the program was installed setuid, or "tty" group privileges, if the program was installed setgid, resulting in a loss of integrity. |
| 6679 | Orville Write orville-write amin.c Local Overflow A local overflow exists in Orville Write. The "amin" binary fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request to the environment variable, a malicious user can cause arbitrary code execution with elevated privileges, possibly root, if the program was installed setuid, or "tty" group privileges, if the program was installed setgid, resulting in a loss of integrity. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-326.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:32:42 |
|
