sup -- format string vulnerability

2004-06-18T00:00:00
ID DSA-521
Type debian
Reporter Debian
Modified 2004-06-18T00:00:00

Description

jaguar@felinemenace.org discovered a format string vulnerability in sup, a set of programs to synchronize collections of files across a number of machines, whereby a remote attacker could potentially cause arbitrary code to be executed with the privileges of the supfilesrv process (this process does not run automatically by default).

CAN-2004-0451: format string vulnerabilities in sup via syslog(3) in logquit, logerr, loginfo functions

For the current stable distribution (woody), this problem has been fixed in version 1.8-8woody2.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you update your sup package.