LuxMan Local Buffer Overflow Vulnerability

Bugtraq ID:	12797
Class:	Boundary Condition Error
CVE:	CVE-2005-0385
Remote:	No
Local:	Yes
Published:	Mar 14 2005 12:00AM
Updated:	Jul 12 2009 10:56AM
Credit:	Discovery is credited to Kevin Finisterre.
Vulnerable:	Frank McIngvale LuxMan 0.41 -17 + Debian Linux 3.0 sparc + Debian Linux 3.0 s/390 + Debian Linux 3.0 ppc + Debian Linux 3.0 mipsel + Debian Linux 3.0 mips + Debian Linux 3.0 m68k + Debian Linux 3.0 ia-64 + Debian Linux 3.0 ia-32 + Debian Linux 3.0 hppa + Debian Linux 3.0 arm + Debian Linux 3.0 alpha + Debian Linux 3.0 Frank McIngvale LuxMan 0.41 + Debian Linux 3.0 ia-32
Not Vulnerable:

LuxMan Local Buffer Overflow Vulnerability

LuxMan is reported prone to a local buffer overflow vulnerability.

A successful attack, can allow an attacker to gain elevated privileges on a vulnerable computer.

LuxMan 0.41-17 is reported prone to this vulnerability. It is possible that other versions are affected as well.

LuxMan Local Buffer Overflow Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

LuxMan Local Buffer Overflow Vulnerability

Solution:
Debian has released advisory DSA 693-1 to address this issue. Please see the referenced advisory for more information.


Frank McIngvale LuxMan 0.41 -17

• Debian luxman_0.41-17.2_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/l/luxman/luxman_0.41-17.2 _i386.deb

LuxMan Local Buffer Overflow Vulnerability

References:

• DMA[2005-0310a] - 'Frank McIngvale LuxMan buffer overflow' (Kevin Finisterre )