• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

NASM Error Preprocessor Directive Buffer Overflow Vulnerability

Solution:
SGI has released an advisory 20050502-01-U including updated SGI ProPack 3 Service Pack 5 packages to address this BID and other issues. Please see the referenced advisory for more information.

Fedora advisory FEDORA-2005-322 for Fedora Core 3 is available to address this issue. Fixes may be installed using the Red Hat Update Agent; this can be accomplished using the 'up2date' command. Please see the referenced advisory for more information.

Turbolinux has released a security announcement (TLSA- 24022005) and fixes to address this and other vulnerabilities. Customers are advised to peruse the referenced advisory for further information regarding obtaining and applying appropriate updates.

Gentoo Linux has released an advisory (GLSA 200412-20) dealing with this issue. All NASM users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/nasm-0.98.38-r1"

For more information, please see the referenced Gentoo Linux advisory.

Ubuntu has released an advisory USN-45-1 to address this issue. Please see the referenced advisory for more information.

Debian has released advisory DSA 623-1 to address this issue. Please see the attached advisory for further information on obtaining and applying fixes.

Mandrake has released advisory MDKSA-2005:004 to address this issue. Please see the attached advisory for details on obtaining and appying fixes.

RedHat has released advisory RHSA-2005:381-06 to address this issue. Please see the attached advisory for details on obtaining and appying fixes.


NASM NASM 0.98.28

• Debian nasm_0.98.28cvs-1woody2_alpha.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/nasm/nasm_0.98.28cvs-1w oody2_alpha.deb


• Debian nasm_0.98.28cvs-1woody2_arm.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/nasm/nasm_0.98.28cvs-1w oody2_arm.deb


• Debian nasm_0.98.28cvs-1woody2_hppa.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/nasm/nasm_0.98.28cvs-1w oody2_hppa.deb


• Debian nasm_0.98.28cvs-1woody2_i386.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/nasm/nasm_0.98.28cvs-1w oody2_i386.deb


• Debian nasm_0.98.28cvs-1woody2_ia64.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/nasm/nasm_0.98.28cvs-1w oody2_ia64.deb


• Debian nasm_0.98.28cvs-1woody2_m68k.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/nasm/nasm_0.98.28cvs-1w oody2_m68k.deb


• Debian nasm_0.98.28cvs-1woody2_mips.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/nasm/nasm_0.98.28cvs-1w oody2_mips.deb


• Debian nasm_0.98.28cvs-1woody2_mipsel.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/nasm/nasm_0.98.28cvs-1w oody2_mipsel.deb


• Debian nasm_0.98.28cvs-1woody2_powerpc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/nasm/nasm_0.98.28cvs-1w oody2_powerpc.deb


• Debian nasm_0.98.28cvs-1woody2_s390.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/nasm/nasm_0.98.28cvs-1w oody2_s390.deb


• Debian nasm_0.98.28cvs-1woody2_sparc.deb
  Debian GNU/Linux 3.0 alias woody
  http://security.debian.org/pool/updates/main/n/nasm/nasm_0.98.28cvs-1w oody2_sparc.deb

NASM NASM 0.98.34

• TurboLinux nasm-0.98.34-5.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/nasm-0.98.34-5.i586.rpm


• TurboLinux nasm-0.98.34-5.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/up dates/RPMS/nasm-0.98.34-5.i586.rpm


• TurboLinux nasm-0.98.34-5.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/upd ates/RPMS/nasm-0.98.34-5.i586.rpm


• TurboLinux nasm-rdoff-0.98.34-5.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/nasm-rdoff-0.98.34-5.i586.rpm


• TurboLinux nasm-rdoff-0.98.34-5.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/up dates/RPMS/nasm-rdoff-0.98.34-5.i586.rpm


• TurboLinux nasm-rdoff-0.98.34-5.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/upd ates/RPMS/nasm-rdoff-0.98.34-5.i586.rpm

NASM NASM 0.98.38

• Fedora nasm-0.98.38-3.FC3.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora nasm-0.98.38-3.FC3.x86_64.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora nasm-debuginfo-0.98.38-3.FC3.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora nasm-debuginfo-0.98.38-3.FC3.x86_64.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora nasm-doc-0.98.38-3.FC3.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora nasm-doc-0.98.38-3.FC3.x86_64.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora nasm-rdoff-0.98.38-3.FC3.i386.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Fedora nasm-rdoff-0.98.38-3.FC3.x86_64.rpm
  RedHat Fedora Core 3
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/


• Mandrake nasm-0.98.38-1.1.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake nasm-0.98.38-1.1.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake nasm-0.98.38-1.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake nasm-0.98.38-1.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake nasm-doc-0.98.38-1.1.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake nasm-doc-0.98.38-1.1.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake nasm-doc-0.98.38-1.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake nasm-doc-0.98.38-1.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake nasm-rdoff-0.98.38-1.1.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake nasm-rdoff-0.98.38-1.1.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake nasm-rdoff-0.98.38-1.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake nasm-rdoff-0.98.38-1.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Ubuntu nasm_0.98.38-1ubuntu0.1_amd64.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/n/nasm/nasm_0.98.38-1ubunt u0.1_amd64.deb


• Ubuntu nasm_0.98.38-1ubuntu0.1_i386.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/n/nasm/nasm_0.98.38-1ubunt u0.1_i386.deb


• Ubuntu nasm_0.98.38-1ubuntu0.1_powerpc.deb
  Ubuntu 4.10 (Warty Warthog)
  http://security.ubuntu.com/ubuntu/pool/main/n/nasm/nasm_0.98.38-1ubunt u0.1_powerpc.deb