---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_vacancies/ Secunia is looking for new researchers with a reversing background and experience in writing exploit code: http://secunia.com/hardcore_disassembler_and_reverse_engineer/ http://secunia.com/Disassembling_og_Reversing/ ---------------------------------------------------------------------- TITLE: Debian update for openafs SECUNIA ADVISORY ID: SA24607 VERIFY ADVISORY: http://secunia.com/advisories/24607/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: >From local network OPERATING SYSTEM: Debian GNU/Linux unstable alias sid http://secunia.com/product/530/ Debian GNU/Linux 3.1 http://secunia.com/product/5307/ DESCRIPTION: Debian has issued an update for openafs. This fixes a vulnerability, which can be exploited by malicious users to gain escalated privileges. For more information: SA24582 SOLUTION: Apply updated packages. -- Debian GNU/Linux 3.1 alias sarge -- Source archives: http://security.debian.org/pool/updates/main/o/openafs/openafs_1.3.81-3sarge2.dsc Size/MD5 checksum: 851 45351031494d87ff12f1bf08d14533f9 http://security.debian.org/pool/updates/main/o/openafs/openafs_1.3.81-3sarge2.diff.gz Size/MD5 checksum: 262444 5804a2d738b2ec24f4055489c6287dca http://security.debian.org/pool/updates/main/o/openafs/openafs_1.3.81.orig.tar.gz Size/MD5 checksum: 13455346 d754e92f7a0cd9824991c850e001884c Architecture independent packages: http://security.debian.org/pool/updates/main/o/openafs/openafs-modules-source_1.3.81-3sarge2_all.deb Size/MD5 checksum: 4491356 e71b35c9862df561b51b67a3c90fafc9 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.3.81-3sarge2_alpha.deb Size/MD5 checksum: 1111578 026440f88e9a4929dfe1c1eb7b5da586 http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.3.81-3sarge2_alpha.deb Size/MD5 checksum: 2227596 e5517039ed51c445dbc02fb13be3e952 http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.3.81-3sarge2_alpha.deb Size/MD5 checksum: 306552 b7afabee0f80a4bf00ab42eb84f165c2 http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.3.81-3sarge2_alpha.deb Size/MD5 checksum: 693726 76ce60f5f960fb68301d15653dea0873 http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.3.81-3sarge2_alpha.deb Size/MD5 checksum: 269148 928b0eab345fe24ec067dfe46540fce6 http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.3.81-3sarge2_alpha.deb Size/MD5 checksum: 1878670 e75770cead20c34ba5f27f56d13689e9 amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.3.81-3sarge2_amd64.deb Size/MD5 checksum: 229812 ed52b06bdb86dc060a430efad6e5c1a2 http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.3.81-3sarge2_amd64.deb Size/MD5 checksum: 1442080 1a037eab6cf0e2701c127c85c06386ae http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.3.81-3sarge2_amd64.deb Size/MD5 checksum: 1833326 f95cb03cff5282ee9acc5489ab0821b9 http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.3.81-3sarge2_amd64.deb Size/MD5 checksum: 246488 67f3c4fc899fd29353bf4c7a46e8976d http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.3.81-3sarge2_amd64.deb Size/MD5 checksum: 555870 5996c7f12878a0202c036b30280fbc3f http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.3.81-3sarge2_amd64.deb Size/MD5 checksum: 884258 d57b751026bfd2b05aca393f55e83d1c hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.3.81-3sarge2_hppa.deb Size/MD5 checksum: 250140 60ce4a5b1fe0c079d31e77f7d025c702 http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.3.81-3sarge2_hppa.deb Size/MD5 checksum: 919068 9ca7af6733d9e2f5601b8159016619a1 http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.3.81-3sarge2_hppa.deb Size/MD5 checksum: 1827790 256160195fcb04f911baa870aca98956 http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.3.81-3sarge2_hppa.deb Size/MD5 checksum: 555916 374b8b31f343785ff8d2e671e7e73eab http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.3.81-3sarge2_hppa.deb Size/MD5 checksum: 248664 b3a8d024c19de251e2e190e54fe5cc10 http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.3.81-3sarge2_hppa.deb Size/MD5 checksum: 1507594 2b07da638f4c0d3acbca303dcf2c3414 i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.3.81-3sarge2_i386.deb Size/MD5 checksum: 205962 11e4dfaf88f70f36cf9d25d9c18998aa http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.3.81-3sarge2_i386.deb Size/MD5 checksum: 467028 752c5b703fa2f013ddd21817d82749f4 http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.3.81-3sarge2_i386.deb Size/MD5 checksum: 1549640 05dba8404a3d8257e06b612cf07efc74 http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.3.81-3sarge2_i386.deb Size/MD5 checksum: 783268 86567fbce7562f935b17a7e760bb9fbc http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.3.81-3sarge2_i386.deb Size/MD5 checksum: 217288 5008556d2e73108e1c3db41643df22b3 http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.3.81-3sarge2_i386.deb Size/MD5 checksum: 1260276 d57b49ef1af6ca9c0b1b35066ecb20dd ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.3.81-3sarge2_ia64.deb Size/MD5 checksum: 2591976 3f9a094d54d6e8c2dbec0f20f26acdc2 http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.3.81-3sarge2_ia64.deb Size/MD5 checksum: 1841346 3f696ba4ea1e97b4c2bdd4c8cbd0bf33 http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.3.81-3sarge2_ia64.deb Size/MD5 checksum: 1277708 e5fd2c145c6d5c9a401629bc595b531a http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.3.81-3sarge2_ia64.deb Size/MD5 checksum: 310238 dfd2d50fd6750ac5a4e7ddcdd3ddd532 http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.3.81-3sarge2_ia64.deb Size/MD5 checksum: 767784 ddea6844bb5d1b686ac77e216cb254cc http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.3.81-3sarge2_ia64.deb Size/MD5 checksum: 350246 7098128a63c0031b4776888544f44a0c powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.3.81-3sarge2_powerpc.deb Size/MD5 checksum: 229680 adc0ee24b299a72a3080042526bdf335 http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.3.81-3sarge2_powerpc.deb Size/MD5 checksum: 517686 a7b07d334d079e32aee66bb05d80711e http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.3.81-3sarge2_powerpc.deb Size/MD5 checksum: 1460156 d13af55e2d4f9a3d3a97495681f6b37b http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.3.81-3sarge2_powerpc.deb Size/MD5 checksum: 852198 da3a7270c45eda7d0a72c5793af0435b http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.3.81-3sarge2_powerpc.deb Size/MD5 checksum: 223486 6fcec53ed212b0950a680653cb2f829d http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.3.81-3sarge2_powerpc.deb Size/MD5 checksum: 1692132 9e26a7d34e736eb6150a616381619a7c s390 architecture (IBM S/390) http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.3.81-3sarge2_s390.deb Size/MD5 checksum: 212066 13397ac230bf12c3900a926a8b36fc31 http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.3.81-3sarge2_s390.deb Size/MD5 checksum: 1536368 fab1b06025fb4b9db78b5358d832fd70 http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.3.81-3sarge2_s390.deb Size/MD5 checksum: 224796 72c0a37213a8844e9862691eda755a3f http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.3.81-3sarge2_s390.deb Size/MD5 checksum: 762190 cc9f29f4e0a4c234d6a5d87237fb2c03 http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.3.81-3sarge2_s390.deb Size/MD5 checksum: 1383788 2405aec9aad97354db6427f55d8ab988 http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.3.81-3sarge2_s390.deb Size/MD5 checksum: 473242 13ecf61e03a031cce4171abbc3c9c045 sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/o/openafs/openafs-client_1.3.81-3sarge2_sparc.deb Size/MD5 checksum: 1542604 506c656b335f86e815fca789b1dc0c8a http://security.debian.org/pool/updates/main/o/openafs/libpam-openafs-kaserver_1.3.81-3sarge2_sparc.deb Size/MD5 checksum: 215842 b393c0429c1dfc36dbef36cc4d43bf2b http://security.debian.org/pool/updates/main/o/openafs/openafs-fileserver_1.3.81-3sarge2_sparc.deb Size/MD5 checksum: 775060 6a99cdcce7a5c83428fc48c607f0a02c http://security.debian.org/pool/updates/main/o/openafs/libopenafs-dev_1.3.81-3sarge2_sparc.deb Size/MD5 checksum: 1331494 30b726724767f17b90738f8bdd4e8b9f http://security.debian.org/pool/updates/main/o/openafs/openafs-dbserver_1.3.81-3sarge2_sparc.deb Size/MD5 checksum: 459596 c4b83804dd1ca1179af4919130ff0b0e http://security.debian.org/pool/updates/main/o/openafs/openafs-kpasswd_1.3.81-3sarge2_sparc.deb Size/MD5 checksum: 209508 0f73ab95372029f340702812b5928248 -- Debian GNU/Linux unstable alias sid -- Reportedly, this problem will be fixed in version 1.4.2-6. ORIGINAL ADVISORY: http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00026.html OTHER REFERENCES: SA24582: http://secunia.com/advisories/24582/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------