SLRN Long Header Buffer Overflow Vulnerability

Bugtraq ID:	2493
Class:	Unknown
CVE:	CVE-2001-0441
Remote:	Yes
Local:	No
Published:	Mar 08 2001 12:00AM
Updated:	Jul 11 2009 06:06AM
Credit:	This vulnerability was originally discovered by Bill Nottingham, and first announced to Bugtraq in a Debian Security Advisory dated March 8, 2001.
Vulnerable:	SLRN Development Team slrn 0.9.6 .4 - FreeBSD FreeBSD 5.0 - FreeBSD FreeBSD 4.2 + Redhat Linux 7.0 sparc + Redhat Linux 7.0 i386 + Redhat Linux 7.0 alpha + Redhat Linux 6.2 sparc + Redhat Linux 6.2 i386 + Redhat Linux 6.2 alpha - Wirex Immunix OS 7.0 -Beta - Wirex Immunix OS 7.0 - Wirex Immunix OS 6.2 SLRN Development Team slrn 0.9.6 .3 + MandrakeSoft Corporate Server 1.0.1 + Mandriva Linux Mandrake 7.2 + Mandriva Linux Mandrake 7.1 + Mandriva Linux Mandrake 7.0 + Mandriva Linux Mandrake 6.1 + Mandriva Linux Mandrake 6.0 SLRN Development Team slrn 0.9.6 .2-9 + Debian Linux 2.2 sparc + Debian Linux 2.2 powerpc + Debian Linux 2.2 arm + Debian Linux 2.2 alpha + Debian Linux 2.2 68k + Debian Linux 2.2
Not Vulnerable:

SLRN Long Header Buffer Overflow Vulnerability

slrn is a freely available news group program, designed to provide an easy to use interface to the NNTP. It is included with many Linux distributions, and is maintained by the SLRN Development Team.

A problem in the program could result in a buffer overflow, and could lead to the execution of arbitrary code. The wrapping/unwrapping function is disabled by default. However, if this function is enabled, an overflow of the buffer holding the wrapped header may occur. This heap overflow could result in the execution of shellcode encoded into the header or the body of the message.

It may be possible for a malicious remote user to execute arbitrary code as the UID of the slrn process. This vulnerability could also allow an intruder local access as the UID of the slrn process.

SLRN Long Header Buffer Overflow Vulnerability

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

SLRN Long Header Buffer Overflow Vulnerability

Solution:
Updates available:


SLRN Development Team slrn 0.9.6 .3

• MandrakeSoft 1.0.1 i386 slrn-0.9.6.3-10.2mdk.i586.rpm
  ftp://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/1.0.1/RPMS /slrn-0.9.6.3-10.2mdk.i586.rpm


• MandrakeSoft 1.0.1 i386 slrn-pull-0.9.6.3-10.2mdk.i586.rpm
  ftp://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/1.0.1/RPMS /slrn-pull-0.9.6.3-10.2mdk.i586.rpm


• MandrakeSoft 6.0 i386 slrn-0.9.6.3-10.2mdk.i586.rpm
  ftp://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/6.0/RPMS/s lrn-0.9.6.3-10.2mdk.i586.rpm


• MandrakeSoft 6.0 i386 slrn-pull-0.9.6.3-10.2mdk.i586.rpm
  ftp://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/6.0/RPMS/s lrn-pull-0.9.6.3-10.2mdk.i586.rpm


• MandrakeSoft 6.1 i386 slrn-0.9.6.3-10.2mdk.i586.rpm
  ftp://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/6.1/RPMS/s lrn-0.9.6.3-10.2mdk.i586.rpm


• MandrakeSoft 6.1 i386 slrn-pull-0.9.6.3-10.2mdk.i586.rpm
  ftp://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/6.1/RPMS/s lrn-pull-0.9.6.3-10.2mdk.i586.rpm


• MandrakeSoft 7.0 i386 slrn-0.9.6.3-10.2mdk.i586.rpm
  ftp://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.0/RPMS/s lrn-0.9.6.3-10.2mdk.i586.rpm


• MandrakeSoft 7.0 i386 slrn-pull-0.9.6.3-10.2mdk.i586.rpm
  ftp://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.0/RPMS/s lrn-pull-0.9.6.3-10.2mdk.i586.rpm


• MandrakeSoft 7.1 i386 slrn-0.9.6.3-10.2mdk.i586.rpm
  ftp://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.1/RPMS/s lrn-0.9.6.3-10.2mdk.i586.rpm


• MandrakeSoft 7.1 i386 slrn-pull-0.9.6.3-10.2mdk.i586.rpm
  ftp://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.1/RPMS/s lrn-pull-0.9.6.3-10.2mdk.i586.rpm


• MandrakeSoft 7.2 i386 slrn-0.9.6.3-10.1mdk.i586.rpm
  ftp://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.2/RPMS/s lrn-0.9.6.3-10.1mdk.i586.rpm


• MandrakeSoft 7.2 i386 slrn-pull-0.9.6.3-10.1mdk.i586.rpm
  ftp://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.2/RPMS/s lrn-pull-0.9.6.3-10.1mdk.i586.rpm

SLRN Development Team slrn 0.9.6 .2-9

• Debian 2.2 alpha slrn_0.9.6.2-9potato1_alpha.deb
  http://security.debian.org/dists/stable/updates/main/binary-alpha/slrn _0.9.6.2-9potato1_alpha.deb


• Debian 2.2 alpha slrnpull_0.9.6.2-9potato1_alpha.deb
  http://security.debian.org/dists/stable/updates/main/binary-alpha/slrn pull_0.9.6.2-9potato1_alpha.deb


• Debian 2.2 arm slrn_0.9.6.2-9potato1_arm.deb
  http://security.debian.org/dists/stable/updates/main/binary-arm/slrn_0 .9.6.2-9potato1_arm.deb


• Debian 2.2 arm slrnpull_0.9.6.2-9potato1_arm.deb
  http://security.debian.org/dists/stable/updates/main/binary-arm/slrnpu ll_0.9.6.2-9potato1_arm.deb


• Debian 2.2 i386 slrn_0.9.6.2-9potato1_i386.deb
  http://security.debian.org/dists/stable/updates/main/binary-i386/slrn_ 0.9.6.2-9potato1_i386.deb


• Debian 2.2 i386 slrnpull_0.9.6.2-9potato1_i386.deb
  http://security.debian.org/dists/stable/updates/main/binary-i386/slrnp ull_0.9.6.2-9potato1_i386.deb


• Debian 2.2 m68k slrn_0.9.6.2-9potato1_m68k.deb
  http://security.debian.org/dists/stable/updates/main/binary-m68k/slrn_ 0.9.6.2-9potato1_m68k.deb


• Debian 2.2 m68k slrnpull_0.9.6.2-9potato1_m68k.deb
  http://security.debian.org/dists/stable/updates/main/binary-m68k/slrnp ull_0.9.6.2-9potato1_m68k.deb


• Debian 2.2 ppc slrn_0.9.6.2-9potato1_powerpc.deb
  http://security.debian.org/dists/stable/updates/main/binary-powerpc/sl rn_0.9.6.2-9potato1_powerpc.deb


• Debian 2.2 ppc slrnpull_0.9.6.2-9potato1_powerpc.deb
  http://security.debian.org/dists/stable/updates/main/binary-powerpc/sl rnpull_0.9.6.2-9potato1_powerpc.deb


• Debian 2.2 sparc slrn_0.9.6.2-9potato1_sparc.deb
  http://security.debian.org/dists/stable/updates/main/binary-sparc/slrn _0.9.6.2-9potato1_sparc.deb


• Debian 2.2 sparc slrnpull_0.9.6.2-9potato1_sparc.deb
  http://security.debian.org/dists/stable/updates/main/binary-sparc/slrn pull_0.9.6.2-9potato1_sparc.deb

SLRN Development Team slrn 0.9.6 .4

• FreeBSD ports-4 i386 slrn-0.9.7.0.tgz
  ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/news/sl rn-0.9.7.0.tgz


• FreeBSD ports-5 i386 slrn-0.9.7.0.tgz
  ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/news/s lrn-0.9.7.0.tgz


• Red Hat Inc. 6.2 i386 slrn-pull-0.9.6.4-0.6.i386.rpm
  ftp://updates.redhat.com/6.2/i386/slrn-pull-0.9.6.4-0.6.i386.rpm


• Red Hat Inc. 6.2 sparc slrn-0.9.6.4-0.6.sparc.rpm
  ftp://updates.redhat.com/6.2/sparc/slrn-0.9.6.4-0.6.sparc.rpm


• Red Hat Inc. 7.0 alpha slrn-0.9.6.4-0.7.alpha.rpm
  ftp://updates.redhat.com/7.0/alpha/slrn-0.9.6.4-0.7.alpha.rpm


• Red Hat Inc. 6.2 alpha slrn-0.9.6.4-0.6.alpha.rpm
  ftp://updates.redhat.com/6.2/alpha/slrn-0.9.6.4-0.6.alpha.rpm


• Red Hat Inc. 6.2 alpha slrn-pull-0.9.6.4-0.6.alpha.rpm
  ftp://updates.redhat.com/6.2/alpha/slrn-pull-0.9.6.4-0.6.alpha.rpm


• Red Hat Inc. 6.2 i386 slrn-0.9.6.4-0.6.i386.rpm
  ftp://updates.redhat.com/6.2/i386/slrn-0.9.6.4-0.6.i386.rpm


• Red Hat Inc. 6.2 sparc slrn-pull-0.9.6.4-0.6.sparc.rpm
  ftp://updates.redhat.com/6.2/sparc/slrn-pull-0.9.6.4-0.6.sparc.rpm


• Red Hat Inc. 7.0 i386 slrn-0.9.6.4-0.7.i386.rpm
  ftp://updates.redhat.com/7.0/i386/slrn-0.9.6.4-0.7.i386.rpm


• Red Hat Inc. 7.0 i386 slrn-pull-0.9.6.4-0.7.alpha.rpm
  ftp://updates.redhat.com/7.0/alpha/slrn-pull-0.9.6.4-0.7.alpha.rpm


• Red Hat Inc. 7.0 i386 slrn-pull-0.9.6.4-0.7.i386.rpm
  ftp://updates.redhat.com/7.0/i386/slrn-pull-0.9.6.4-0.7.i386.rpm


• Wirex 6.2 i386 slrn-0.9.6.4-0.6_StackGuard.i386.rpm
  http://immunix.org/ImmunixOS/6.2/updates/RPMS/slrn-0.9.6.4-0.6_StackGu ard.i386.rpm


• Wirex 6.2 i386 slrn-pull-0.9.6.4-0.6_StackGuard.i386.rpm
  http://immunix.org/ImmunixOS/6.2/updates/RPMS/slrn-pull-0.9.6.4-0.6_St ackGuard.i386.rpm

SLRN Long Header Buffer Overflow Vulnerability

References: