GNU userv Service Program Environment Corruption Vulnerability
Solution: The userv maintainer suggests upgrading to userv 1.0.1. If the upgrade is not available, a patch can be applied. (From the Bugtraq message): Index: servexec.c =================================================================== RCS file: /usr/src/CVS/userv/servexec.c,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- servexec.c 2000/03/06 18:14:46 1.13 +++ servexec.c 2000/07/27 00:08:34 1.14 
@@ -266,7 +266,8 @@ fdarray[fd].holdfd= -1; } for (fd=0; fd<fdarrayused; fd++) { - if (fdarray[fd].realfd < fdarrayused) fdarray[fdarray[fd].realfd].holdfd= fd; + if (fdarray[fd].realfd < fdarrayused && fdarray[fd].realfd >= 0) + fdarray[fdarray[fd].realfd].holdfd= fd; } for (fd=0; fd<fdarrayused; fd++) { realfd= fdarray[fd].realfd;

Additionally, updates are available for Debian Linux. (From the Debian advisory):

Debian 2.1:

Source archives:
http://security.debian.org/dists/stable/updates/source/userv_1.0.1.0slink.dsc
MD5 checksum: 473a8fe477d20614aad97f538896969a
http://security.debian.org/dists/stable/updates/source/userv_1.0.1.0slink.tar.gz
MD5 checksum: 40b052547e2ea9fa69a12ee24dfe2af7

Alpha architecture:
http://security.debian.org/dists/stable/updates/binary-alpha/userv_1.0.1.0slink_alpha.deb
MD5 checksum: 4934d1163e2e5fbb2d74d5a949089aa7

Intel ia32 architecture:
http://security.debian.org/dists/stable/updates/binary-i386/userv_1.0.1.0slink_i386.deb
MD5 checksum: ebf8d6cd431e94b6e731636d1d61440e

Motorola 680x0 architecture:
http://security.debian.org/dists/stable/updates/binary-m68k/userv_1.0.1.0slink_m68k.deb
MD5 checksum: b59d78066362bce1f91005891958c362

Sun Sparc architecture:
http://security.debian.org/dists/stable/updates/binary-sparc/userv_1.0.1.0slink_sparc.deb
MD5 checksum: ab880dac8965d99ca64044c0ef438975

Debian 2.2pre Potato:

Source archives:
http://security.debian.org/dists/potato/updates/main/source/userv_1.0.1.1potato.dsc
MD5 checksum: 1a92258cecdb878ddd2f58cd03bd59b1
http://security.debian.org/dists/potato/updates/main/source/userv_1.0.1.1potato.tar.gz
MD5 checksum: ddf8df51026a1b880dc95f9ca04a6deb

Alpha architecture:
http://security.debian.org/dists/potato/updates/main/binary-alpha/userv_1.0.1.1potato_alpha.deb
MD5 checksum: 81d800fb0b29ef48f8b8bbc20e2b2ec1

Intel ia32 architecture:
http://security.debian.org/dists/potato/updates/main/binary-i386/userv_1.0.1.1potato_i386.deb
MD5 checksum: 82752bd8dcc7ec1e187b6d9cfe7403d0

Sun Sparc architecture:
http://security.debian.org/dists/potato/updates/main/binary-sparc/userv_1.0.1.1potato_sparc.deb
MD5 checksum: 019430e9ffdff374a87e0003da16b97b

GNU userv 1.0.0
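
Review bot: in the servexec.c hunk, the new lower-bound test on the holdfd assignment is written after the upper-bound test and the condition now repeats fdarray[fd].realfd three times; reading the value into a local first, as the following loop already does with "realfd= fdarray[fd].realfd;", and testing "realfd >= 0 && realfd < fdarrayused" would make the range check easier to audit. The hunk carries no comment saying why a negative realfd can reach this loop, and a one-line comment would help, since without the guard a negative value passes the "< fdarrayused" comparison and indexes before the start of fdarray when holdfd is written. The trailing context shows the next loop also reads fdarray[fd].realfd; the visible lines do not show how it treats a negative value, so that is worth confirming in the same change.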