Executive Summary

Summary
Title New calife packages fix buffer overflow
Informations
Name DSA-461 First vendor Publication 2004-03-11
Vendor Debian Last vendor Modification 2004-03-11
Severity (Vendor) N/A Revision 1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 7.2 Attack Range Local
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Calife, a program which provides super user privileges to specific users, was found to contain a buffer overflow related to the getpass(3) library function. A local attacker could potentially exploit this vulnerability, given knowledge of a local user's password and the presence of at least one entry in /etc/calife.auth, to execute arbitrary code with root privileges.

For the current stable distribution (woody) this problem has been fixed in version 2.8.4c-1woody1.

For the unstable distribution (sid) this problem has been fixed in version 2.8.6-1.

We recommend that you update your calife package.

Original Source

Url : http://www.debian.org/security/2004/dsa-461

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 2

OpenVAS Exploits

Date Description
2008-01-17 Name : Debian Security Advisory DSA 461-1 (calife)
File : nvt/deb_461_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
4108 Calife Password Heap Overflow Privilege Escalation

Nessus® Vulnerability Scanner

Date Description
2004-09-29 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-461.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:33:09
  • Multiple Updates