Secunia Logo
 Vulnerability IntelligenceVulnerability ScanningCommunity - new!Blog - new entry!Corporate InformationOnline ShopCustomer Login  
 Secunia AdvisoriesSecunia ResearchBinary Analysis  
Home > Vulnerability Intelligence > Secunia Advisories > ACM Network Protocol Integer Overflow Vulnerability
Secunia Advisories
Advisories
Search
Advisories by Product
Advisories by Vendor
Historic Advisories
Mailing Lists & RSS
Report Vulnerability
Contact Form
Business Solutions Restricted
Partner Solutions Restricted
About
 
ACM Network Protocol Integer Overflow Vulnerability
Secunia Advisory: SA9139
Advisory Toolbox:
Issue ticket
Save in to-do list
Mark as handled
Exploit information
Download as PDF
Review actions
Add comment
Release Date: 2003-06-30
Popularity: 8,266 views

Critical:
Moderately critical
Impact: DoS
System access
Where: From local network
Solution Status: Vendor Patch

OS:Debian GNU/Linux 3.0
Debian GNU/Linux unstable alias sid

Software:ACM 5.x
Subscribe: Instant alerts on relevant vulnerabilities

CVE reference:CVE-2002-0391
Description:
Debian has reported a vulnerability in ACM, which potentially can be exploited by malicious people to compromise a user's system.

ACM uses a network protocol based on an older version of SunRPC. However, last year an integer overflow in the "xdr_array" function was discovered in this version, which can be exploited to execute arbitrary code on a vulnerable system.

Solution:
Updated packages:

-- Debian GNU/Linux 3.0 alias woody --

Source archives:

http://security.debian.org/pool/updates/main/a/acm/acm_5.0-3.woody.1.dsc
Size/MD5 checksum: 593 7b97e94d274f4042c7092c677a399d1a
http://security.debian.org/pool/updates/main/a/acm/acm_5.0-3.woody.1.diff.gz
Size/MD5 checksum: 14248 42f110d62edb95c352bb068d97833057
http://security.debian.org/pool/updates/main/a/acm/acm_5.0.orig.tar.gz
Size/MD5 checksum: 1239047 c0768937733989eb4b10708a782eaf6a

Alpha architecture:

http://security.debian.org/pool/updates/main/a/acm/acm_5.0-3.woody.1_alpha.deb
Size/MD5 checksum: 583226 32bc02220b0e335d079854f1ff1fbb8b

ARM architecture:

http://security.debian.org/pool/updates/main/a/acm/acm_5.0-3.woody.1_arm.deb
Size/MD5 checksum: 544240 3b0947f07c5fc24b33ed7af591021e1f

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/a/acm/acm_5.0-3.woody.1_i386.deb
Size/MD5 checksum: 525616 a3a6a0285fb698d2032a36ab87fd6a1f

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/a/acm/acm_5.0-3.woody.1_ia64.deb
Size/MD5 checksum: 648708 2959fba6dccaa512dc831f2b150fe293

HP Precision architecture:

http://security.debian.org/pool/updates/main/a/acm/acm_5.0-3.woody.1_hppa.deb
Size/MD5 checksum: 570940 9e003ccf3112edd2c349086ac9e7b05a

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/a/acm/acm_5.0-3.woody.1_m68k.deb
Size/MD5 checksum: 515596 b618564e2e94ca304372084dc58753cc

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/a/acm/acm_5.0-3.woody.1_mips.deb
Size/MD5 checksum: 581384 af7e8c6e422f5ff0701baefe2e567891

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/a/acm/acm_5.0-3.woody.1_mipsel.deb
Size/MD5 checksum: 581420 a711924b81bf95dd7d8c1577bfe90589

PowerPC architecture:

http://security.debian.org/pool/updates/main/a/acm/acm_5.0-3.woody.1_powerpc.deb
Size/MD5 checksum: 549898 36dd4c082f90af46f2252b32cf0cd733

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/a/acm/acm_5.0-3.woody.1_s390.deb
Size/MD5 checksum: 531922 936b063457eca68d5a54a638d32a0134

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/a/acm/acm_5.0-3.woody.1_sparc.deb
Size/MD5 checksum: 547274 adaaee0cdbfd7eaf552dec2de2f16f9b


-- Debian GNU/Linux unstable alias sid --

Fixed in version 5.0-10.

Original Advisory:
http://www.debian.org/security/2003/dsa-333

Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.

Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
  
Latest Advisories

2nd Dec, 2008
New advisories: 14
New vulnerabilities: 21
Updated advisories: 26

Less // 389 views
Linksys WRT160N Cross-Site Scripting Vulnerability
Less // 369 views
IBM Rational ClearQuest Multiple Vulnerabilities
Not // 293 views
Debian update for flamethrower
Not // 283 views
flamethrower Insecure Temporary Files
Less // 341 views
IBM Rational ClearCase Cross-Site Scripting Vulnerability
Not // 328 views
DAHDI "ZT_SPANCONFIG" IOCTL Privilege Escalation Vulnerability
Not // 323 views
Zaptel "ZT_SPANCONFIG" IOCTL Privilege Escalation Vulnerabilities
Moderately // 312 views
Rumpus Multiple Vulnerabilities
Less // 328 views
bcoos "cid" SQL Injection Vulnerability
Moderately // 343 views
ASP Portal "ASPPortal.mdb" Database Disclosure Security Issue

Solutions | More...  

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.

Ideas, suggestions, and other feedback are most welcome.

Most Popular - 3 Hours

1. Sun Java JDK / JRE Multiple Vulnerabilities // 73 views
2. Linksys WRT160N Cross-Site Scripting Vulnerability // 31 views
3. ClamAV "cli_check_jpeg_exploit()" Denial of Service Vulnerability // 31 views
4. Adobe Acrobat/Reader Multiple Vulnerabilities // 31 views
5. IBM Rational ClearQuest Multiple Vulnerabilities // 28 views
6. Debian update for flamethrower // 27 views
7. Rumpus Multiple Vulnerabilities // 23 views
8. bcoos "cid" SQL Injection Vulnerability // 23 views
9. IBM Rational ClearCase Cross-Site Scripting Vulnerability // 23 views
10. DAHDI "ZT_SPANCONFIG" IOCTL Privilege Escalation Vulnerability // 23 views



Contact | Terms & Conditions and Copyright | Report Vulnerability | Press | Jobs | About Secunia
Copyright Secunia 2002-2008