CPNI - Centre for the Protection of National Infrastructure

August 2006

Two Debian Security Advisories: 1. DSA 1163-1 - New gtetrinet packages fix arbitrary code execution 2. DSA 1164-1 - New sendmail packages fix denial of service

ID: 00587
Ref: 562/2006
Date: 31 August 2006:14:45:07
Version: 1

Title: Two Debian Security Advisories: 1. DSA 1163-1 - New gtetrinet packages fix arbitrary code execution 2. DSA 1164-1 - New sendmail packages fix denial of service
Abstract:
Vendors affected: Debian
Operating systems affected: Debian
Applications affected: Debian

Title
=====

Two Debian Security Advisories:

1. DSA 1163-1 - New gtetrinet packages fix arbitrary code execution

2. DSA 1164-1 - New sendmail packages fix denial of service

Detail
======

1. Michael Gehring discovered several potential out-of-bounds index
accesses in gtetrinet, a multiplayer Tetris-like game, which may allow
a remote server to execute arbitrary code.

2. A programming error has been discovered in sendmail, an alternative
mail transport agent for Debian, that could allow a remote attacker to
crash the sendmail process by sending a specially crafted email
message.



1.



- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 1163-1 security@debian.org
http://www.debian.org/security/ Martin Schulze
August 30th, 2006 http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package : gtetrinet
Vulnerability : programming error
Problem type : remote
Debian-specific: no
CVE ID : CVE-2006-3125

Michael Gehring discovered several potential out-of-bounds index
accesses in gtetrinet, a multiplayer Tetris-like game, which may allow
a remote server to execute arbitrary code.

For the stable distribution (sarge) these problems have been fixed in
version 0.7.8-1sarge2.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your gtetrinet package.


Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- - --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2.dsc
Size/MD5 checksum: 1458 f0e79e08b32da17b7fec81953058bfd6
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2.diff.gz
Size/MD5 checksum: 6536 8e5ec47971abaefe25c81eddbd08df03
http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8.orig.tar.gz
Size/MD5 checksum: 513790 bff5b52ead863ac2ac859880abbab2c4

Alpha architecture:

http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_alpha.deb
Size/MD5 checksum: 305500 ada4429dedbe5c2a6481e2a0a7c2b8aa

AMD64 architecture:

http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_amd64.deb
Size/MD5 checksum: 295034 657a0a323a479444ed04becdd494726d

ARM architecture:

http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_arm.deb
Size/MD5 checksum: 289166 7fceb7b8fd84d2e4e4792222e1ea74bf

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_i386.deb
Size/MD5 checksum: 291430 8e395773c184dfdb379342fc3805e9ce

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_ia64.deb
Size/MD5 checksum: 316198 76659d5ee5072dfb30c58d9967239936

HP Precision architecture:

http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_hppa.deb
Size/MD5 checksum: 297686 c55008b4d7d679311a41a331cd3fc437

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_m68k.deb
Size/MD5 checksum: 284212 9b70187f40dac186929be12f38c900dc

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_mips.deb
Size/MD5 checksum: 291736 9a30091ac2ab35a65bb4f0689dca0705

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_mipsel.deb
Size/MD5 checksum: 290484 1fc68ebb2e3ea41326500e6394c41a6e

PowerPC architecture:

http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_powerpc.deb
Size/MD5 checksum: 293458 8b005ce2049acc89205c9aa74dd3fc4f

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_s390.deb
Size/MD5 checksum: 295194 2fc0597edcad6cc1af5d7b08c734ae08

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_sparc.deb
Size/MD5 checksum: 289322 e944d44ed1aa2e9ae32d9d8571affd33


These files will probably be moved into the stable distribution on
its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFE9aDTW5ql+IAeqTIRAsueAKCY2HDPMsy7JRPI6QsBZBEJDDoD0QCfblE2
jQ1NIFLKDlHpIpdBCxxa3RE=
=WMbc
- -----END PGP SIGNATURE-----



2.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - --------------------------------------------------------------------------
Debian Security Advisory DSA 1164-1 security@debian.org
http://www.debian.org/security/ Noah Meyerhans
August 31st, 2006 http://www.debian.org/security/faq
- - --------------------------------------------------------------------------

Package : sendmail
Vulnerability : programming error
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2006-4434
BugTraq ID : 19714
Debian Bug : 385054

A programming error has been discovered in sendmail, an alternative
mail transport agent for Debian, that could allow a remote attacker to
crash the sendmail process by sending a specially crafted email
message.

Please note that in order to install this update you also need
libsasl2 library from proposed updates as outlined in DSA 1155-2.

For the stable distribution (sarge) this problem has been fixed in
version 8.13.3-3sarge3

For the unstable distribution (sid) this problem has been fixed in
version 8.13.8-1

We recommend that you upgrade your sendmail package.


Upgrade Instructions
- - --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- - --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.13.4-3sarge3.dsc
Size/MD5 checksum: 911 89bbdc6b7a1d33146d978408ac7feee2
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.13.4-3sarge3.diff.gz
Size/MD5 checksum: 385075 a1408b377f382dacfc7d87ef880af60b
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.13.4.orig.tar.gz
Size/MD5 checksum: 1968047 d80dc659df96c63d227ed80c0c71b708

Architecture independent components:

http://security.debian.org/pool/updates/main/s/sendmail/sendmail-base_8.13.4-3sarge3_all.deb
Size/MD5 checksum: 340668 0fd9a5ace798e807cbc60b7a31919a28
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-cf_8.13.4-3sarge3_all.deb
Size/MD5 checksum: 279382 1e8db425833f332fa8a525dc107e4614
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-doc_8.13.4-3sarge3_all.deb
Size/MD5 checksum: 692570 b07b9cfd99ee3bfe38feb62ec408d494
http://security.debian.org/pool/updates/main/s/sendmail/sendmail_8.13.4-3sarge3_all.deb
Size/MD5 checksum: 192242 ce9a17d66058281af9d69563e11c910c

Alpha architecture:

http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge3_alpha.deb
Size/MD5 checksum: 319082 223ecb915309c2f467fee4dc70dbb29a
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_alpha.deb
Size/MD5 checksum: 215652 ed63343a42038fdbf292d20e582a9fa3
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge3_alpha.deb
Size/MD5 checksum: 228890 8d087fceb3d923f4892d550419fe6f88
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge3_alpha.deb
Size/MD5 checksum: 953980 f50d2db2a52e150ec7466750a5e44bc5
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge3_alpha.deb
Size/MD5 checksum: 198182 af2d885e481c00326b2353a071df40b9

AMD64 architecture:

http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge3_amd64.deb
Size/MD5 checksum: 296634 6bd8032a3c89d24f918c544ec87794cc
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_amd64.deb
Size/MD5 checksum: 213268 41723080176c78d5f2cf1d5764bba131
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge3_amd64.deb
Size/MD5 checksum: 225344 27729b95e621ad6fc194e45c845268c7
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge3_amd64.deb
Size/MD5 checksum: 851254 4928097e8c69f01e33d29bd0e371e796
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge3_amd64.deb
Size/MD5 checksum: 197736 f5e2dde229ccd6457323c6d7dc746420

ARM architecture:

http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge3_arm.deb
Size/MD5 checksum: 291974 abf756019dd7a2f75b3bc5c6fc858ec0
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_arm.deb
Size/MD5 checksum: 211618 bc7b0597b85aeedbd891d1782aea9b0f
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge3_arm.deb
Size/MD5 checksum: 223712 904f2d271dd078850291aa63fed9c077
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge3_arm.deb
Size/MD5 checksum: 829384 96686dd8dcd45be34f2f34f64222f558
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge3_arm.deb
Size/MD5 checksum: 197276 714fd487ba82221cf9261d61c833b20b

HP Precision architecture:

http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge3_hppa.deb
Size/MD5 checksum: 301562 6991aa63aa29e3753ea4eda0e74004f6
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_hppa.deb
Size/MD5 checksum: 215700 cc89d2e0be9162c065467bfb3e5fc5e8
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge3_hppa.deb
Size/MD5 checksum: 229448 4ed50645b31de5c3b7747286a1de8ce9
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge3_hppa.deb
Size/MD5 checksum: 919852 50e486568dec792055f001172a38d45c
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge3_hppa.deb
Size/MD5 checksum: 198168 3802ef117e38733a991721a6e70167a5

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge3_i386.deb
Size/MD5 checksum: 287344 23bd405e21c9de501d7e8957ed5b2eae
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_i386.deb
Size/MD5 checksum: 211730 2edbe3c6b12742657071e43618211f97
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge3_i386.deb
Size/MD5 checksum: 222522 907a59032ba64011292bbff04e001409
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge3_i386.deb
Size/MD5 checksum: 812646 8dc795ba8ffc47659d95f727c20c4711
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge3_i386.deb
Size/MD5 checksum: 197428 64eab16e247f5ed9af468e2e804a3e53

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge3_ia64.deb
Size/MD5 checksum: 330754 6f32b98862faace5980f5a809acbdbf7
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_ia64.deb
Size/MD5 checksum: 220496 f94e024b1d70452c6e31aae8032c80cf
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge3_ia64.deb
Size/MD5 checksum: 239734 77b337f036edd22ffee5bcd26ccc53fd
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge3_ia64.deb
Size/MD5 checksum: 1162690 39b68375190c0ed7b7f6ec42cc08feb3
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge3_ia64.deb
Size/MD5 checksum: 199028 ac0d46969e6f38ba6ea9695ba012fb83

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge3_m68k.deb
Size/MD5 checksum: 272860 8b2a2e0cb36979ec484ae21ee7b952f3
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_m68k.deb
Size/MD5 checksum: 210922 2c80dc1697abb910900d9dea976e0111
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge3_m68k.deb
Size/MD5 checksum: 218922 63292f132b4c14935d66eafbd10c8b59
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge3_m68k.deb
Size/MD5 checksum: 728606 396de790dcc5135069bbb4374c27ae41
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge3_m68k.deb
Size/MD5 checksum: 197236 9241946b199056978336c255c072d348

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge3_mips.deb
Size/MD5 checksum: 293200 0e8866145d40f303d076b2529038bad3
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_mips.deb
Size/MD5 checksum: 212100 55ba2084a7d0b43994a8c983c11e08d8
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge3_mips.deb
Size/MD5 checksum: 227434 c559e338459cefee76c1a2ab3efc40e6
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge3_mips.deb
Size/MD5 checksum: 883544 29e2b015a7e86d0ef26a779b73e23c11
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge3_mips.deb
Size/MD5 checksum: 198194 3fd107d5b11c0b83d6894b360f5d2f2e

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge3_mipsel.deb
Size/MD5 checksum: 293842 787fb9e91e842e7f712396a8d585da95
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_mipsel.deb
Size/MD5 checksum: 212282 4e19166d5eb89e0d30dd0a632f0efba3
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge3_mipsel.deb
Size/MD5 checksum: 227590 aa971533751193be6b37b1616f321cad
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge3_mipsel.deb
Size/MD5 checksum: 886922 98ee38b69275c0dd03425316c8c288bc
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge3_mipsel.deb
Size/MD5 checksum: 198222 a04e73c2282781f36cd8323297f5d5b0

PowerPC architecture:

http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge3_powerpc.deb
Size/MD5 checksum: 294438 1a5d40faaf7c440b9a37c808df4bd252
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_powerpc.deb
Size/MD5 checksum: 214504 ea3bd8e59d8d2a9987fde2a5bbc1073b
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge3_powerpc.deb
Size/MD5 checksum: 226918 25f3b5b6310e41eb0f151dfddc556caa
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge3_powerpc.deb
Size/MD5 checksum: 865018 88a5ffaa0bbc0c856c0402f9bc4a9479
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge3_powerpc.deb
Size/MD5 checksum: 197786 0959fe3b6f7e445abed6b5f2c9992684

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge3_s390.deb
Size/MD5 checksum: 295212 e6095777105434012463b4e3009cb332
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_s390.deb
Size/MD5 checksum: 213348 0bda9d806c5006edea39afecae1ad329
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge3_s390.deb
Size/MD5 checksum: 228722 90e47d3b0839b7ad337b29a3b212ee09
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge3_s390.deb
Size/MD5 checksum: 875318 9c6a10583814ce3ba0b0fcde1aab1893
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge3_s390.deb
Size/MD5 checksum: 197708 f03a2ce3e1d9644eef33a805e42f3705

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/s/sendmail/libmilter-dev_8.13.4-3sarge3_sparc.deb
Size/MD5 checksum: 285462 76b0de0933652b1010ec2ac044b8081b
http://security.debian.org/pool/updates/main/s/sendmail/libmilter0_8.13.4-3sarge3_sparc.deb
Size/MD5 checksum: 211670 8fd780da99800d30ab26755790b37eb6
http://security.debian.org/pool/updates/main/s/sendmail/rmail_8.13.4-3sarge3_sparc.deb
Size/MD5 checksum: 222924 5cc657807e798fb6dfc6910c4d3c13ae
http://security.debian.org/pool/updates/main/s/sendmail/sendmail-bin_8.13.4-3sarge3_sparc.deb
Size/MD5 checksum: 819536 232fadedc528ab4962c543796a277055
http://security.debian.org/pool/updates/main/s/sendmail/sensible-mda_8.13.4-3sarge3_sparc.deb
Size/MD5 checksum: 197440 a6775780418e0729d016ae80774b336d


These files will probably be moved into the stable distribution on
its next update.

- - ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFE9nFHW5ql+IAeqTIRAjHmAJ973UTk59u9UriviGTw2BdgO2/A0QCgn14C
Tt26hGuiifXNUxocvPpodTU=
=pVIz
- -----END PGP SIGNATURE-----
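
The manual "wget url / dpkg -i file.deb" route above skips the archive checks that apt-get performs, so the following added example (not part of the CPNI page or of the Debian advisories) checks a downloaded file against the "Size/MD5 checksum" line listed under its URL before it is installed. The function names and the saved advisory text file are assumptions made for illustration, and the listing is only as trustworthy as the signed advisory it was copied from.

```shell
#!/bin/sh
# Added example: verify a downloaded file against the advisory's own listing.
# ADVISORY is the advisory saved as plain text (a hypothetical local file);
# the function names are illustrative. Requires awk, wc and md5sum.

# lookup_expected ADVISORY NAME -> prints "SIZE MD5" for the listed file NAME
lookup_expected() {
    awk -v name="$2" '
        # URL line: remember whether its last path component is NAME
        $1 ~ /^(http|ftp):\/\// {
            n = split($1, parts, "/")
            want = (parts[n] == name)
            next
        }
        # The "Size/MD5 checksum: SIZE MD5" line directly after that URL
        want && index($0, "Size/MD5 checksum:") {
            print $(NF - 1), $NF
            found = 1
            exit
        }
        # Any other line ends the URL/checksum pairing
        { want = 0 }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# verify_download ADVISORY FILE
# returns 0 if size and MD5 match, 1 on mismatch, 2 if FILE is not listed
verify_download() {
    expected=$(lookup_expected "$1" "$(basename "$2")") || {
        echo "not listed in advisory: $2" >&2
        return 2
    }
    exp_size=${expected% *}
    exp_md5=${expected#* }
    act_size=$(wc -c < "$2" | tr -d ' ')
    act_md5=$(md5sum < "$2" | cut -d' ' -f1)
    # Compare the cheap size check first, then the digest
    if [ "$act_size" != "$exp_size" ]; then
        echo "size mismatch: $2 ($act_size, expected $exp_size)" >&2
        return 1
    fi
    if [ "$act_md5" != "$exp_md5" ]; then
        echo "MD5 mismatch: $2" >&2
        return 1
    fi
    echo "OK: $2"
}

# Run as: sh verify_dsa.sh advisory.txt package.deb
if [ "$#" -eq 2 ]; then
    verify_download "$1" "$2"
fi
```

Run `dpkg -i` only after this reports OK for the file.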