Debian Security Advisory

super -- Buffer overflow in super.

Date Reported:

15 Feb 1999

Affected Packages:

Vulnerable:

Yes

Security database references:

In the Bugtraq database (at SecurityFocus): BugTraq ID 342, BugTraq ID 397.
In Mitre's CVE dictionary: CVE-1999-0373, CVE-1999-0381.

More information:

We have received reports about two buffer overflows in the super package which was distributed as part of Debian GNU/Linux. Firstly, for per-user .supertab files super didn't check for a buffer overflow when creating the path to the user's .supertab file. Secondly another buffer overflow did allow ordinary users to overflow super by creating a nasty personal .supertab file. We recommend you upgrade your super packages immediately.

An analysis of the super vulnerability is available at this Securityfocus archive page.

Fixed in:

Source:: http://ftp.debian.org/debian/dists/potato/main/source/admin/super_3.11.7.orig.tar.gz; http://ftp.debian.org/debian/dists/potato/main/source/admin/super_3.11.7-1.diff.gz; http://ftp.debian.org/debian/dists/potato/main/source/admin/super_3.11.7-1.dsc
i386:: http://ftp.debian.org/debian/dists/potato/main/binary-i386/admin/super_3.11.7-1.deb
m68k:: http://ftp.debian.org/debian/dists/potato/main/binary-m68k/admin/super_3.11.7-1.deb