Debian Security Advisory

DSA-116-1 cfs -- buffer overflow

Date Reported:
02 Mar 2002
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2002-0351.
More information:

Zorgon found several buffer overflows in cfsd, a daemon that pushes encryption services into the Unix(tm) file system. We are not yet sure if these overflows can successfully be exploited to gain root access to the machine running the CFS daemon. However, since cfsd can easily be forced to die, a malicious user can easily perform a denial of service attack to it.

This problem has been fixed in version 1.3.3-8.1 for the stable Debian distribution and in version 1.4.1-5 for the testing and unstable distribution of Debian.

We recommend that you upgrade your cfs package immediately.

Fixed in:

Debian GNU/Linux 2.2 (potato)

Intel ia32:
Motorola 680x0:
Sun Sparc:

MD5 checksums of the listed files are available in the original advisory.