DSA 1190-1: New maxdb-7.5.00 packages fix execution of arbitrary code
Posted on: 10/04/2006 09:00 PM

The Debian Security Team published a new security update for Debian GNU/Linux. Here is the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1XXX-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
October 4th, 2006 http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package : maxdb-7.5.00
Vulnerability : buffer overflow
Problem-Type : remote
Debian-specific: no
CVE ID : CVE-2006-4305
Debian Bug : 386182

Oliver Karow discovered that the WebDBM frontend of the MaxDB database
performs insufficient sanitising of requests passed to it, which might
lead to the execution of arbitrary code.

For the stable distribution (sarge) this problem has been fixed in
version 7.5.00.24-4.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your maxdb-7.5.00 package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFJA4bXm3vHE4uyloRAvJaAKCmoL1XOehnfuEcQZz7K+pSB5EsmgCg0znT
uUwjk8wo+yxSwouQPhCPxBo=
=54an
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/dsa_1190_1_new_maxdb_7500_packages_fix_execution_of_arbitrary_code.html)