O-047: Debian 'nd' WebDAV command line Buffer Overflow Vulnerability Privacy and Legal Notice

CIAC INFORMATION BULLETIN

O-047: Debian 'nd' WebDAV command line Buffer Overflow Vulnerability

[Debian Security Advisory DSA-412-1]

 January 8, 2004 22:00 GMT
PROBLEM: Debian announced the discovery of multiple vulnerabilities in the 'nd' command-line WebDAV interface, where long strings received from the remote server could overflow fixed-length buffers.
PLATFORM: Debian GNU/Linux 3.0 (woody)
DAMAGE: If successfully exploited, a remote attacker could execute arbitrary code.
SOLUTION: - Update the nd package
- Update to version 0.5.0-1woody1
VULNERABILITY
ASSESSMENT:		 The risk is MEDIUM. A remote attacker could execute arbitrary code.
LINKS:  
  CIAC BULLETIN: http://www.ciac.org/ciac/bulletins/o-047.shtml
  ORIGINAL BULLETIN: http://www.debian.org/security/2004/dsa-412
  CVE/CAN: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=
CAN-2004-0014 
[***** Start Debian Security Advisory DSA-412-1 *****]

Debian Security Advisory
DSA-412-1 nd -- buffer overflows
Date Reported: 
05 Jan 2004 
Affected Packages: 
nd 
Vulnerable: 
Yes 
Security database references: 
In Mitre's CVE dictionary: CAN-2004-0014.

More information: 
Multiple vulnerabilities were discovered in nd, a command-line WebDAV 
interface, whereby long strings received from the remote server could 
overflow fixed-length buffers. This vulnerability could be exploited 
by a remote attacker in control of a malicious WebDAV server to execute 
arbitrary code if the server was accessed by a vulnerable version of nd.

For the current stable distribution (woody) this problem has been fixed 
in version 0.5.0-1woody1.

For the unstable distribution (sid) this problem has been fixed in 
version 0.8.2-1.

We recommend that you update your nd package.

Fixed in: 
Debian GNU/Linux 3.0 (woody)
Source: 
http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1.dsc

http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1.diff.gz

http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0.orig.tar.gz

Alpha: 
http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_alpha.deb

ARM: 
http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_arm.deb

Intel IA-32: 
http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_i386.deb

Intel IA-64: 
http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_ia64.deb

HPPA: 
http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_hppa.deb

Motorola 680x0: 
http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_m68k.deb

Big endian MIPS: 
http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_mips.deb

Little endian MIPS: 
http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_mipsel.deb

PowerPC: 
http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_powerpc.deb

IBM S/390: 
http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_s390.deb

Sun Sparc: 
http://security.debian.org/pool/updates/main/n/nd/nd_0.5.0-1woody1_sparc.deb

MD5 checksums of the listed files are available in the original advisory.


----------------------------------------------------------------------------
This page is also available in the following languages: 
Deutsch  español  français  svenska  
How to set the default document language 
----------------------------------------------------------------------------

See the Debian contact page for information on contacting us.

Last Modified: Wed, Jan 7 12:32:55 UTC 2004 
Copyright © 2004 SPI; See license terms
Debian is a registered trademark of Software in the Public Interest, Inc. 


[***** End Debian Security Advisory DSA-412-1 *****]
CIAC wishes to acknowledge the contributions of Debian for the information contained in this bulletin.
DOE-CIRC can be contacted at: 
    Voice:          +1 866-941-2472 (7 x 24)
    E-mail:          doecirc@doecirc.energy.gov
    World Wide Web:  http://www.doecirc.energy.gov/