Secunia Logo
Netsikker nu! 2008
 Vulnerability IntelligenceVulnerability ScanningBlog - new entry!Corporate InformationOnline ShopCustomer Login  
 Secunia AdvisoriesSecunia ResearchBinary Analysis  
Home > Vulnerability Intelligence > Secunia Advisories > Debian update for cheesetracker
Secunia Advisories
Advisories
Search
Advisories by Product
Advisories by Vendor
Historic Advisories
Mailing Lists & RSS
Report Vulnerability
Contact Form
Business Solutions Restricted
Partner Solutions Restricted
About
 
Debian update for cheesetracker
Secunia Advisory: SA21759
Advisory Toolbox:
Issue ticket
Save in to-do list
Mark as handled
Exploit information
Download as PDF
Review actions
Add comment
Release Date: 2006-09-04
Popularity: 6,409 views

Critical:
Moderately critical
Impact: DoS
System access
Where: From remote
Solution Status: Vendor Patch

OS:Debian GNU/Linux 3.1
Debian GNU/Linux unstable alias sid
Subscribe: Instant alerts on relevant vulnerabilities

CVE reference:CVE-2006-3814
Description:
Debian has issued an update for cheesetracker. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error in the XM loader in cheesetracker/loaders/loader_xm.cpp when handling input files. This can be exploited to cause a stack-based buffer overflow and may allow arbitrary code execution via a specially crafted input file.

Solution:
Apply updated package.

-- Debian GNU/Linux 3.1 alias sarge --

Source archives:

http://security.debian.org/pool/updat...acker/cheesetracker_0.9.9-1sarge1.dsc
Size/MD5 checksum: 659 94fe4cfb651e3fd373a79d8928b7c24c
http://security.debian.org/pool/updat...r/cheesetracker_0.9.9-1sarge1.diff.gz
Size/MD5 checksum: 14286 c3e831161af73cb234e5ccee329e90ae
http://security.debian.org/pool/updat...acker/cheesetracker_0.9.9.orig.tar.gz
Size/MD5 checksum: 842246 d2cb55cd35eaaaef48454a5aad41a08d

Alpha architecture:

http://security.debian.org/pool/updat...cheesetracker_0.9.9-1sarge1_alpha.deb
Size/MD5 checksum: 1138458 aa9cab8b149d4824c4f19ef8f89f2200

AMD64 architecture:

http://security.debian.org/pool/updat...cheesetracker_0.9.9-1sarge1_amd64.deb
Size/MD5 checksum: 929228 67b42bf5ca9b7b7c230bb21a5ec3942d

ARM architecture:

http://security.debian.org/pool/updat...r/cheesetracker_0.9.9-1sarge1_arm.deb
Size/MD5 checksum: 1159110 04e55102d781a572aa1e091a75c7c615

HP Precision architecture:

http://security.debian.org/pool/updat.../cheesetracker_0.9.9-1sarge1_hppa.deb
Size/MD5 checksum: 1248130 547aa7324369bb2572d28558a418bd6f

Intel IA-32 architecture:

http://security.debian.org/pool/updat.../cheesetracker_0.9.9-1sarge1_i386.deb
Size/MD5 checksum: 904204 286d04ae0c9893c894b67d2336e9aae9

Intel IA-64 architecture:

http://security.debian.org/pool/updat.../cheesetracker_0.9.9-1sarge1_ia64.deb
Size/MD5 checksum: 1292230 d6e5e7d89f45509cccb1a51498629bdf

Motorola 680x0 architecture:

http://security.debian.org/pool/updat.../cheesetracker_0.9.9-1sarge1_m68k.deb
Size/MD5 checksum: 977470 6287cf1f532affc53921547dd9b9a6a4

PowerPC architecture:

http://security.debian.org/pool/updat...eesetracker_0.9.9-1sarge1_powerpc.deb
Size/MD5 checksum: 968684 839f5a35fe36eb2f12627d5b9e6bbd8b

IBM S/390 architecture:

http://security.debian.org/pool/updat.../cheesetracker_0.9.9-1sarge1_s390.deb
Size/MD5 checksum: 871530 9b6f802a60f568a537d7f6e40f15e4da

Sun Sparc architecture:

http://security.debian.org/pool/updat...cheesetracker_0.9.9-1sarge1_sparc.deb
Size/MD5 checksum: 975272 c0cc12c0095961806788d1871acbbf54

-- Debian GNU/Linux unstable alias sid --

Fixed in version 0.9.9-6.

Provided and/or discovered by:
Luigi Auriemma

Original Advisory:
http://www.us.debian.org/security/2006/dsa-1166

Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.

Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
  
Latest Advisories

6th Oct, 2008
New advisories: 19
New vulnerabilities: 52
Updated advisories: 26

Moderately // 267 views
Serv-U File Renaming Directory Traversal and STOU Denial of Service
Moderately // 278 views
JMweb MP3 Script "src" File Inclusion Vulnerabilities
Less // 250 views
AmpJuke "special" SQL Injection Vulnerability
Less // 267 views
Website Directory "keyword" Cross-Site Scripting Vulnerability
Less // 261 views
Nucleus EUC-JP Cross-Site Scripting Vulnerability
Not // 538 views
Microsoft Windows Vista Page Fault Handling Denial of Service
Less // 249 views
Kontiki Delivery Management System "action" Cross-Site Scripting
Moderately // 276 views
PHP-Fusion Recepies Module "kat_id" SQL Injection
Highly // 663 views
VMware ESX Server Sun Java JDK / JRE Multiple Vulnerabilities
Highly // 562 views
VMware VirtualCenter Multiple Vulnerabilities

Solutions | More...  

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.

Ideas, suggestions, and other feedback are most welcome.

Most Popular - 3 Hours

1. Zeroboard Multiple Vulnerabilities // 62 views
2. Zeroboard Multiple Script Insertion Vulnerabilities // 58 views
3. VMware ESX Server Sun Java JDK / JRE Multiple Vulnerabilities // 46 views
4. Microsoft Windows Vista Page Fault Handling Denial of Service // 37 views
5. pMachine "pm_path" File Inclusion Vulnerability // 35 views
6. Serv-U File Renaming Directory Traversal and STOU Denial of Service // 32 views
7. VMware VirtualCenter Multiple Vulnerabilities // 31 views
8. VMware ESX / ESXi "JMP" Privilege Escalation Vulnerability // 26 views
9. JMweb MP3 Script "src" File Inclusion Vulnerabilities // 24 views
10. Kontiki Delivery Management System "action" Cross-Site Scripting // 23 views



Contact | Terms & Conditions and Copyright | Report Vulnerability | Press | Jobs | About Secunia
Copyright Secunia 2002-2008