Calife Local Memory Corruption Vulnerability
BID:9776
Info
| Bugtraq ID: | 9776 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 01 2004 12:00AM |
| Updated: | Mar 01 2004 12:00AM |
| Credit: | Discovery of this vulnerability has been credited to DownBload <[email protected]>. |
| Vulnerable: | Calife Calife 2.8.6; Calife Calife 2.8.5; Calife Calife 2.8.4 c |
| Not Vulnerable: | |
Discussion
Calife has been reported prone to a local memory corruption vulnerability. The issue is likely due to a lack of sufficient sanity checks performed on certain sequences of data that are read from the file "/etc/calife.auth".
Due to the nature of this vulnerability, it has been conjectured that a local user who has write access to the "/etc/calife.auth" configuration file may potentially leverage this issue to have arbitrary instructions executed in the context of the root user.
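Because the reported precondition is write access to "/etc/calife.auth", auditing who can modify that file is a direct check. The script below is an added example, not part of the original advisory or of Calife; the function name audit_auth_file and the policy it enforces (owned by uid 0, no group or world write bit) are assumptions.

```shell
#!/bin/sh
# Added example: audit ownership and write permissions of calife's auth file.
# Assumption: the file should be owned by uid 0 and writable by its owner only.

# audit_auth_file PATH [EXPECTED_UID]
# Prints one FINDING line per problem; returns 1 if any problem, 0 otherwise.
audit_auth_file() {
    path=$1
    want_uid=${2:-0}
    rc=0

    if [ ! -e "$path" ]; then
        echo "NOTE: $path not present, nothing to audit"
        return 0
    fi

    # The numeric owner uid is the third field of `ls -ldn`.
    uid=$(ls -ldn "$path" | awk '{print $3}')
    if [ "$uid" != "$want_uid" ]; then
        echo "FINDING: $path owned by uid $uid, expected $want_uid"
        rc=1
    fi

    # -perm -020 / -002 match when the group / other write bit is set.
    if [ -n "$(find "$path" -prune -perm -020 -print)" ]; then
        echo "FINDING: $path is group-writable"
        rc=1
    fi
    if [ -n "$(find "$path" -prune -perm -002 -print)" ]; then
        echo "FINDING: $path is world-writable"
        rc=1
    fi
    return $rc
}

audit_auth_file /etc/calife.auth || echo "calife.auth: restrict ownership and write access"
```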
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Debian has released advisory DSA 461-1 dealing with this issue. Fixes are currently available.
Calife Calife 2.8.4 c
- Debian calife_2.8.4c-1woody1_alpha.deb
  Alpha Architecture:
  http://security.debian.org/pool/updates/main/c/calife/calife_2.8.4c-1woody1_alpha.deb
- Debian calife_2.8.4c-1woody1_arm.deb
  ARM Architecture:
  http://security.debian.org/pool/updates/main/c/calife/calife_2.8.4c-1woody1_arm.deb
- Debian calife_2.8.4c-1woody1_hppa.deb
  HP Precision Architecture:
  http://security.debian.org/pool/updates/main/c/calife/calife_2.8.4c-1woody1_hppa.deb
- Debian calife_2.8.4c-1woody1_i386.deb
  Intel IA-32 Architecture:
  http://security.debian.org/pool/updates/main/c/calife/calife_2.8.4c-1woody1_i386.deb
- Debian calife_2.8.4c-1woody1_ia64.deb
  Intel IA-64 Architecture:
  http://security.debian.org/pool/updates/main/c/calife/calife_2.8.4c-1woody1_ia64.deb
- Debian calife_2.8.4c-1woody1_m68k.deb
  Motorola 680x0 Architecture:
  http://security.debian.org/pool/updates/main/c/calife/calife_2.8.4c-1woody1_m68k.deb
- Debian calife_2.8.4c-1woody1_mips.deb
  Big endian MIPS Architecture:
  http://security.debian.org/pool/updates/main/c/calife/calife_2.8.4c-1woody1_mips.deb
- Debian calife_2.8.4c-1woody1_mipsel.deb
  Little endian MIPS Architecture:
  http://security.debian.org/pool/updates/main/c/calife/calife_2.8.4c-1woody1_mipsel.deb
- Debian calife_2.8.4c-1woody1_powerpc.deb
  PowerPC Architecture:
  http://security.debian.org/pool/updates/main/c/calife/calife_2.8.4c-1woody1_powerpc.deb
- Debian calife_2.8.4c-1woody1_s390.deb
  IBM S/390 Architecture:
  http://security.debian.org/pool/updates/main/c/calife/calife_2.8.4c-1woody1_s390.deb
- Debian calife_2.8.4c-1woody1_sparc.deb
  Sun Sparc Architecture:
  http://security.debian.org/pool/updates/main/c/calife/calife_2.8.4c-1woody1_sparc.deb