---

SuSE Security Advisory: mars_nwe 0.99 and earlier

[ Via the suse-security-announce mailing list… ]


SuSE Security Announcement

Package: mars_nwe 0.99 and earlier
Date: Fri Sep 17 10:53:58 CEST 1999
Affected: all Linux distributions using mars_nwe 0.99 and
earlier


A security hole was discovered in the package mentioned above.
Please update as soon as possible or disable the service if you are
using this software on your SuSE Linux installation(s).

Other Linux distributions or operating systems might be affected
as well, please contact your vendor for information about this
issue.

Please note, that that we provide this information on as “as-is”
basis only. There is no warranty whatsoever and no liability for
any direct, indirect or incidental damage arising from this
information or the installation of the update package.


1. Problem Description

The mars_nwe tools are vulnerable to several buffer
overflows.

2. Impact

An attacker might get root access to the system.

3. Solution

Updated the mars_nwe package from our FTP server.


Here are the md5 checksums of the upgrade packages, please
verify these before installing the new packages:


marsnwe-0.99.pl17-29.i386.rpm 5bc19a3237653574f97559434f0cf364 (5.3)
marsnwe-0.99.pl17-54.alpha.rpm 19c2c8848ad6f4707048ab2bbf7ab5f0 (AXP)
marsnwe-0.99.pl17-54.i386.rpm 9894d90ecbfca1bcc2bd8add99b90a71 (6.1)
marsnwe-0.99.pl17-12.i386.rpm c9841dde2cbca88fe53447c3d762f510 (6.2)

You will find the update on our ftp-Server:


ftp://ftp.suse.com/pub/suse/i386/update/5.3/n1/marsnwe-0.99.pl17-54.i386.rpm


ftp://ftp.suse.com/pub/suse/axp/update/6.1/n1/marsnwe-0.99.pl17-54.alpha.rpm


ftp://ftp.suse.com/pub/suse/i386/update/6.1/n1/marsnwe-0.99.pl17-54.i386.rpm


ftp://ftp.suse.com/pub/suse/i386/update/6.2/n1/marsnwe-0.99.pl17-54.i386.rpm

Webpage for patches:
http://www.suse.de/patches/index.html

or try the following web pages for a list of mirrors:
http://www.suse.de/ftp.html
http://www.suse.com/ftp_new.html