Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-432-1:7A7BB
HistoryFeb 03, 2004 - 4:03 p.m.

[SECURITY] [DSA 432-1] New crawl packages fix potential local games exploit

2004-02-0316:03:01
lists.debian.org
6

0.0004 Low

EPSS

Percentile

5.1%

JSON

Debian Security Advisory DSA 432-1 [email protected]
http://www.debian.org/security/ Martin Schulze
February 3rd, 2004 http://www.debian.org/security/faq

Package : crawl
Vulnerability : buffer overflow
Problem-Type : local
Debian-specific: no
CVE ID : CAN-2004-0103

Steve Kemp from the GNU/Linux audit project discovered a problem in
crawl, another console based dungeon exploration game, in the vein of
nethack and rogue. The program uses several environment variables as
inputs but doesn't apply a size check before copying one of them into
a fixed size buffer.

For the stable distribution (woody) this problem has been fixed in
version 4.0.0beta23-2woody1.

For the unstable distribution (sid) this problem has been fixed in
version 4.0.0beta26-4.

We recommend that you upgrade your crawl package.

Upgrade Instructions

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

Source archives:

http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody1.dsc
  Size/MD5 checksum:      615 31b653a8f4676721dce6fd4cd0be466a
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody1.diff.gz
  Size/MD5 checksum:     6917 b6265bdb9920f235974e956aee8ff3d8
http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23.orig.tar.gz
  Size/MD5 checksum:  1047863 6b988caff871f0df1c8f3cc907f2fce6

Alpha architecture:

http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody1_alpha.deb
  Size/MD5 checksum:   846352 cd6c9b2e3f956ffb90044d3f612a0541

ARM architecture:

http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody1_arm.deb
  Size/MD5 checksum:   612148 1d40c12a7687b8c2fbac1ea96df77904

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody1_i386.deb
  Size/MD5 checksum:   597308 23caee0901a3bb82a339865317bacec4

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody1_ia64.deb
  Size/MD5 checksum:   872990 650870a8100d6940786e51c8637bf620

HP Precision architecture:

http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody1_hppa.deb
  Size/MD5 checksum:   710630 3901b6834ce7bf7a207a90a2b7dc1d06

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody1_m68k.deb
  Size/MD5 checksum:   582394 82175ccafa67ddf21c2ecbf76cc0bffd

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody1_mips.deb
  Size/MD5 checksum:   682518 6a0e340b338b97ee9a560e62b555d400

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody1_mipsel.deb
  Size/MD5 checksum:   680054 c943ac5a2b8f40e937911bcdc41b7f7b

PowerPC architecture:

http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody1_powerpc.deb
  Size/MD5 checksum:   627012 6f582d4800a2f8a43aaed89bd9ee8d55

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody1_s390.deb
  Size/MD5 checksum:   595210 fc1e552be3a5e6f4a981feee849a672f

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/c/crawl/crawl_4.0.0beta23-2woody1_sparc.deb
  Size/MD5 checksum:   618752 db57f6fdc7c73721739027dd46fc1515

These files will probably be moved into the stable distribution on
its next revision.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [email protected]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/&lt;pkg&gt;

OSVersionArchitecturePackageVersionFilename
Debian3allcrawl< 4.0.0beta23-2woody1crawl_4.0.0beta23-2woody1_all.deb

Related

debiancve 1
openvas 2
nessus 1
cvelist 1
nvd 1
osv 1
cve 1
debian 1
debiancve
debiancve
CVE-2004-0103
2004-03-03 05:00:00
openvas
openvas
Debian Security Advisory DSA 432-1 (crawl)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-432)
2008-01-17 00:00:00
nessus
nessus
Debian DSA-432-1 : crawl - buffer overflow
2004-09-29 00:00:00
cvelist
cvelist
CVE-2004-0103
2004-02-11 05:00:00
nvd
nvd
CVE-2004-0103
2004-03-03 05:00:00
osv
osv
crawl - buffer overflow
2004-02-03 00:00:00
cve
cve
CVE-2004-0103
2004-03-03 05:00:00
debian
debian
[SECURITY] [DSA 432-1] New crawl packages fix potential local games exploit
2004-02-03 16:03:01

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for DEBIAN:DSA-432-1:7A7BB
debiancve1openvas2nessus1cvelist1nvd1osv1cve1debian1