• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

SANE Internal Wire Memory Disclosure Vulnerability

Solution:
The Sane project has released a new version to address this issue.

SuSE Linux has released a security advisory (SuSE-SA:2003:046) and fixes to address this issue. Users who are potentially affected by this vulnerability are advised to apply appropriate fixes as soon as possible. Please see the referenced advisory for additional details regarding the application of applicable fixes. Fixes are linked below.

Red Hat has released an advisory (RHSA-2003:278-01) to address this issue. Affected users are advised to apply the fixes as soon as possible. Further details regarding obtaining and applying relevant fixes is available in the referenced advisory.

Debian has released security advisory DSA 379-1 to address these issues. See referenced advisory for additional details.

Red Hat has released advisory RHSA-2003:285-03 to address this issue.

Mandrake has released an advisory (MDKSA-2003:099) to address this issue. Please see the attached advisory for details on obtaining and applying fixes.

Conectiva Linux has released an advisory (CLA-2003:769) to address this issue. Please see the attached advisory for details on obtaining and applying fixes.

SGI has released an advisory (20031002-01-U) pertaining to their ProPack Linux distribution. The advisory has been released in response to a number of RHSA advisories, and includes a patch (Patch 10027) containing updated RPM packages relating to 22 different BIDS.

Patch 10027 can be obtained via the following link:
http://support.sgi.com/

For information regarding how to obtain individual RPM packages included in Patch 10027, please see the attached advisory.

SCO has released an advisory (CSSA-2004-005.0) and fixes to address this issue for OpenLinux. See the referenced advisory for links to fixes.


SANE SANE 1.0 .0

• sane sane-backends-1.0.11.tar.gz
  ftp://ftp.mostang.com/pub/sane/old-versions/sane-backends-1.0.11/sane- backends-1.0.11.tar.gz

SANE SANE 1.0.1

• sane sane-backends-1.0.11.tar.gz
  ftp://ftp.mostang.com/pub/sane/old-versions/sane-backends-1.0.11/sane- backends-1.0.11.tar.gz

SANE sane-backend 1.0.10

• sane sane-backends-1.0.11.tar.gz
  ftp://ftp.mostang.com/pub/sane/old-versions/sane-backends-1.0.11/sane- backends-1.0.11.tar.gz

SANE SANE 1.0.2

• sane sane-backends-1.0.11.tar.gz
  ftp://ftp.mostang.com/pub/sane/old-versions/sane-backends-1.0.11/sane- backends-1.0.11.tar.gz

SANE SANE 1.0.3

• sane sane-backends-1.0.11.tar.gz
  ftp://ftp.mostang.com/pub/sane/old-versions/sane-backends-1.0.11/sane- backends-1.0.11.tar.gz

SANE SANE 1.0.4

• Conectiva sane-1.0.4-3U70_1cl.i386.rpm
  Upgrade for Conectiva Linux 7.
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/sane-1.0.4-3U70_1cl.i386. rpm


• Conectiva sane-devel-1.0.4-3U70_1cl.i386.rpm
  Upgrade for Conectiva Linux 7.
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/sane-devel-1.0.4-3U70_1cl .i386.rpm


• Conectiva sane-devel-static-1.0.4-3U70_1cl.i386.rpm
  Upgrade for Conectiva Linux 7.
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/sane-devel-static-1.0.4-3 U70_1cl.i386.rpm


• sane sane-backends-1.0.11.tar.gz
  ftp://ftp.mostang.com/pub/sane/old-versions/sane-backends-1.0.11/sane- backends-1.0.11.tar.gz

SANE SANE 1.0.5

• Red Hat sane-backends-1.0.5-4.3.i386.rpm
  Red Hat Enterprise Linux AS
  http://rhn.redhat.com


• Red Hat sane-backends-1.0.5-4.3.i386.rpm
  Red Hat Enterprise Linux ES
  http://rhn.redhat.com


• Red Hat sane-backends-1.0.5-4.3.i386.rpm
  Red Hat Enterprise Linux WS
  http://rhn.redhat.com


• Red Hat sane-backends-1.0.5-4.3.ia64.rpm
  Red Hat Enterprise Linux AS
  http://rhn.redhat.com


• Red Hat sane-backends-1.0.5-4.3.ia64.rpm
  Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
  http://rhn.redhat.com


• Red Hat sane-backends-devel-1.0.5-4.3.i386.rpm
  Red Hat Enterprise Linux AS
  http://rhn.redhat.com


• Red Hat sane-backends-devel-1.0.5-4.3.i386.rpm
  Red Hat Enterprise Linux ES
  http://rhn.redhat.com


• Red Hat sane-backends-devel-1.0.5-4.3.i386.rpm
  Red Hat Enterprise Linux WS
  http://rhn.redhat.com


• Red Hat sane-backends-devel-1.0.5-4.3.ia64.rpm
  Red Hat Enterprise Linux AS
  http://rhn.redhat.com


• Red Hat sane-backends-devel-1.0.5-4.3.ia64.rpm
  Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
  http://rhn.redhat.com


• sane sane-backends-1.0.11.tar.gz
  ftp://ftp.mostang.com/pub/sane/old-versions/sane-backends-1.0.11/sane- backends-1.0.11.tar.gz

SANE SANE 1.0.6

• Conectiva sane-1.0.6-3U80_1cl.i386.rpm
  Upgrade for Conectiva Linux 8.
  ftp://atualizacoes.conectiva.com.br/8/RPMS/sane-1.0.6-3U80_1cl.i386.rp m


• Conectiva sane-devel-1.0.6-3U80_1cl.i386.rpm
  Upgrade for Conectiva Linux 8.
  ftp://atualizacoes.conectiva.com.br/8/RPMS/sane-devel-1.0.6-3U80_1cl.i 386.rpm


• Conectiva sane-devel-static-1.0.6-3U80_1cl.i386.rpm
  Upgrade for Conectiva Linux 8.
  ftp://atualizacoes.conectiva.com.br/8/RPMS/sane-devel-static-1.0.6-3U8 0_1cl.i386.rpm


• sane sane-backends-1.0.11.tar.gz
  ftp://ftp.mostang.com/pub/sane/old-versions/sane-backends-1.0.11/sane- backends-1.0.11.tar.gz

SANE SANE 1.0.7 -beta2

• sane sane-backends-1.0.11.tar.gz
  ftp://ftp.mostang.com/pub/sane/old-versions/sane-backends-1.0.11/sane- backends-1.0.11.tar.gz

SANE SANE 1.0.7

• Debian libsane-dev_1.0.7-4_alpha.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/s/sane-backends/libsane-d ev_1.0.7-4_alpha.deb


• Debian libsane-dev_1.0.7-4_arm.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/s/sane-backends/libsane-d ev_1.0.7-4_arm.deb


• Debian libsane-dev_1.0.7-4_hppa.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/s/sane-backends/libsane-d ev_1.0.7-4_hppa.deb


• Debian libsane-dev_1.0.7-4_i386.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/s/sane-backends/libsane-d ev_1.0.7-4_i386.deb


• Debian libsane-dev_1.0.7-4_ia64.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/s/sane-backends/libsane-d ev_1.0.7-4_ia64.deb


• Debian libsane-dev_1.0.7-4_m68k.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/s/sane-backends/libsane-d ev_1.0.7-4_m68k.deb


• Debian libsane-dev_1.0.7-4_mips.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/s/sane-backends/libsane-d ev_1.0.7-4_mips.deb


• Debian libsane-dev_1.0.7-4_mipsel.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/s/sane-backends/libsane-d ev_1.0.7-4_mipsel.deb


• Debian libsane-dev_1.0.7-4_powerpc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/s/sane-backends/libsane-d ev_1.0.7-4_powerpc.deb


• Debian libsane-dev_1.0.7-4_s390.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/s/sane-backends/libsane-d ev_1.0.7-4_s390.deb


• Debian libsane-dev_1.0.7-4_sparc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/s/sane-backends/libsane-d ev_1.0.7-4_sparc.deb


• Debian libsane_1.0.7-4_alpha.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/s/sane-backends/libsane_1 .0.7-4_alpha.deb


• Debian libsane_1.0.7-4_arm.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/s/sane-backends/libsane_1 .0.7-4_arm.deb


• Debian libsane_1.0.7-4_hppa.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/s/sane-backends/libsane_1 .0.7-4_hppa.deb


• Debian libsane_1.0.7-4_i386.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/s/sane-backends/libsane_1 .0.7-4_i386.deb


• Debian libsane_1.0.7-4_ia64.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/s/sane-backends/libsane_1 .0.7-4_ia64.deb


• Debian libsane_1.0.7-4_m68k.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/s/sane-backends/libsane_1 .0.7-4_m68k.deb


• Debian libsane_1.0.7-4_mips.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/s/sane-backends/libsane_1 .0.7-4_mips.deb


• Debian libsane_1.0.7-4_mipsel.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/s/sane-backends/libsane_1 .0.7-4_mipsel.deb


• Debian libsane_1.0.7-4_powerpc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/s/sane-backends/libsane_1 .0.7-4_powerpc.deb


• Debian libsane_1.0.7-4_s390.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/s/sane-backends/libsane_1 .0.7-4_s390.deb


• Debian libsane_1.0.7-4_sparc.deb
  Debian GNU/Linux 3.0 (woody)
  http://security.debian.org/pool/updates/main/s/sane-backends/libsane_1 .0.7-4_sparc.deb


• sane sane-backends-1.0.11.tar.gz
  ftp://ftp.mostang.com/pub/sane/old-versions/sane-backends-1.0.11/sane- backends-1.0.11.tar.gz

SANE SANE 1.0.7 -beta1

• sane sane-backends-1.0.11.tar.gz
  ftp://ftp.mostang.com/pub/sane/old-versions/sane-backends-1.0.11/sane- backends-1.0.11.tar.gz

SANE SANE 1.0.8

• sane sane-backends-1.0.11.tar.gz
  ftp://ftp.mostang.com/pub/sane/old-versions/sane-backends-1.0.11/sane- backends-1.0.11.tar.gz

SANE SANE 1.0.9

• Conectiva sane-1.0.9-23360U90_1cl.i386.rpm
  Upgrade for Conectiva Linux 9.
  ftp://atualizacoes.conectiva.com.br/9/RPMS/sane-1.0.9-23360U90_1cl.i38 6.rpm


• Conectiva sane-devel-1.0.9-23360U90_1cl.i386.rpm
  Upgrade for Conectiva Linux 9.
  ftp://atualizacoes.conectiva.com.br/9/RPMS/sane-devel-1.0.9-23360U90_1 cl.i386.rpm


• Conectiva sane-devel-static-1.0.9-23360U90_1cl.i386.rpm
  Upgrade for Conectiva Linux 9.
  ftp://atualizacoes.conectiva.com.br/9/RPMS/sane-devel-static-1.0.9-233 60U90_1cl.i386.rpm


• Mandrake libsane1-1.0.9-3.3.90mdk.i586.rpm
  Mandrake Corporate Server 2.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libsane1-1.0.9-3.3.90mdk.i586.rpm
  Mandrake Linux 9.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libsane1-1.0.9-3.3.90mdk.x86_64.rpm
  Mandrake Corporate Server 2.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libsane1-devel-1.0.9-3.3.90mdk.i586.rpm
  Mandrake Corporate Server 2.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libsane1-devel-1.0.9-3.3.90mdk.i586.rpm
  Mandrake Linux 9.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libsane1-devel-1.0.9-3.3.90mdk.x86_64.rpm
  Mandrake Corporate Server 2.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake sane-backends-1.0.9-3.3.90mdk.i586.rpm
  Mandrake Corporate Server 2.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake sane-backends-1.0.9-3.3.90mdk.i586.rpm
  Mandrake Linux 9.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake sane-backends-1.0.9-3.3.90mdk.x86_64.rpm
  Mandrake Corporate Server 2.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• sane sane-backends-1.0.11.tar.gz
  ftp://ftp.mostang.com/pub/sane/old-versions/sane-backends-1.0.11/sane- backends-1.0.11.tar.gz