The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


[USN-670-1] VMBuilder vulnerability


<< Previous INDEX Search src / Print Next >>
Date: Thu, 13 Nov 2008 20:11:17 -0600
From: Jamie Strandboge <jamie@canonical.com.>
To: [email protected]
Subject: [USN-670-1] VMBuilder vulnerability
Message-ID: <20081114021117.GA4736@severus.strandboge.com.>
Reply-To: Jamie Strandboge <jamie@canonical.com.>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
        protocol="application/pgp-signature"; boundary="Kj7319i9nmIyA2yE"
Content-Disposition: inline
User-Agent: Mutt/1.5.18 (2008-05-17)
X-Virus-Scanned: antivirus-gw at tyumen.ru


--Kj7319i9nmIyA2yE
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline


Ubuntu Security Notice USN-670-1 November 13, 2008 vm-builder vulnerability https://bugs.launchpad.net/+bug/296841
A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 7.10 Ubuntu 8.04 LTS Ubuntu 8.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: passwd 1:4.0.13-7ubuntu3.3 Ubuntu 7.10: passwd 1:4.0.18.1-9ubuntu0.1 Ubuntu 8.04 LTS: passwd 1:4.0.18.2-1ubuntu2.1 Ubuntu 8.10: passwd 1:4.1.1-1ubuntu1.1 python-vm-builder 0.9-0ubuntu3.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Mathias Gug discovered that vm-builder improperly set the root password when creating virtual machines. An attacker could exploit this to gain root privileges to the virtual machine by using a predictable password. This vulnerability only affects virtual machines created with vm-builder under Ubuntu 8.10, and does not affect native Ubuntu installations. An update was made to the shadow package to detect vulnerable systems and disable password authentication for the root account. Vulnerable virtual machines which an attacker has access to should be considered compromised, and appropriate actions taken to secure the machine. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/s/shadow/shadow_4.0.13-7ubuntu3.3.diff.gz Size/MD5: 206560 86db587aab7fb6add48a269dae827c10 http://security.ubuntu.com/ubuntu/pool/main/s/shadow/shadow_4.0.13-7ubuntu3.3.dsc Size/MD5: 893 2f8d9ed7b6ce8a5d857b009b1550fd68 http://security.ubuntu.com/ubuntu/pool/main/s/shadow/shadow_4.0.13.orig.tar.gz Size/MD5: 1622557 034fab52e187e63cb52f153bb7f304c8 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/s/shadow/login_4.0.13-7ubuntu3.3_amd64.deb Size/MD5: 249562 da2146d8b42163d6ed8c6c801e2d208c http://security.ubuntu.com/ubuntu/pool/main/s/shadow/passwd_4.0.13-7ubuntu3.3_amd64.deb Size/MD5: 683736 51948263e9c625e7f081ca4ab6523dce i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/s/shadow/login_4.0.13-7ubuntu3.3_i386.deb Size/MD5: 241068 610cef355f91fea932a546726232b7f6 http://security.ubuntu.com/ubuntu/pool/main/s/shadow/passwd_4.0.13-7ubuntu3.3_i386.deb Size/MD5: 616726 cabec9273cef1392ca453d4b1af51eec powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/s/shadow/login_4.0.13-7ubuntu3.3_powerpc.deb Size/MD5: 251446 1f6ca96db573d0cde9345050b10bb758 http://security.ubuntu.com/ubuntu/pool/main/s/shadow/passwd_4.0.13-7ubuntu3.3_powerpc.deb Size/MD5: 665312 e36712a8439d97f3a0448779642b1113 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/s/shadow/login_4.0.13-7ubuntu3.3_sparc.deb Size/MD5: 240030 da5bb560151677024cab1cb9af326a93 http://security.ubuntu.com/ubuntu/pool/main/s/shadow/passwd_4.0.13-7ubuntu3.3_sparc.deb Size/MD5: 620364 c22e9d1bc09fe4e7f1370d451472caac Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/s/shadow/shadow_4.0.18.1-9ubuntu0.1.diff.gz Size/MD5: 148053 2153b473369cbe69b09b6e954003166d http://security.ubuntu.com/ubuntu/pool/main/s/shadow/shadow_4.0.18.1-9ubuntu0.1.dsc Size/MD5: 1077 407685adb0036e81018a56d54cd6ddfe http://security.ubuntu.com/ubuntu/pool/main/s/shadow/shadow_4.0.18.1.orig.tar.gz Size/MD5: 2354234 3f54eaa3a35e7c559f4def92e9957581 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/s/shadow/login_4.0.18.1-9ubuntu0.1_amd64.deb Size/MD5: 327376 5f0e0a0c6fbaa7af3a2b246828576e70 http://security.ubuntu.com/ubuntu/pool/main/s/shadow/passwd_4.0.18.1-9ubuntu0.1_amd64.deb Size/MD5: 795820 0f8ccb35fcc51086a35db0a5f2686300 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/s/shadow/login_4.0.18.1-9ubuntu0.1_i386.deb Size/MD5: 320252 fbebb0aa037d50148d35332715fb211d http://security.ubuntu.com/ubuntu/pool/main/s/shadow/passwd_4.0.18.1-9ubuntu0.1_i386.deb Size/MD5: 716042 457210a055cffd9a1855532422581d4a lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/s/shadow/login_4.0.18.1-9ubuntu0.1_lpia.deb Size/MD5: 317094 ae6795e8423e200ef60e96f83a47ab96 http://ports.ubuntu.com/pool/main/s/shadow/passwd_4.0.18.1-9ubuntu0.1_lpia.deb Size/MD5: 709672 573ad8c4f67fb7dea720e826854ead8e powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/s/shadow/login_4.0.18.1-9ubuntu0.1_powerpc.deb Size/MD5: 328422 84c3e42d3b2c5bbb8a1f75ed966b42b8 http://security.ubuntu.com/ubuntu/pool/main/s/shadow/passwd_4.0.18.1-9ubuntu0.1_powerpc.deb Size/MD5: 874966 954d6b7b5c3735626ea1385c3e1eddeb sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/s/shadow/login_4.0.18.1-9ubuntu0.1_sparc.deb Size/MD5: 322186 69efe5e3508518694e38030c61c603ef http://security.ubuntu.com/ubuntu/pool/main/s/shadow/passwd_4.0.18.1-9ubuntu0.1_sparc.deb Size/MD5: 725220 ae0c71e0d45b5bba0d952552a211da11 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/s/shadow/shadow_4.0.18.2-1ubuntu2.1.diff.gz Size/MD5: 91711 8e4f421c8d27511aba9285744802b504 http://security.ubuntu.com/ubuntu/pool/main/s/shadow/shadow_4.0.18.2-1ubuntu2.1.dsc Size/MD5: 1160 1524873578db272d836a7d02ec1fa846 http://security.ubuntu.com/ubuntu/pool/main/s/shadow/shadow_4.0.18.2.orig.tar.gz Size/MD5: 2501791 c3cf8814cc1323ecafd953b00efcba50 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/s/shadow/login_4.0.18.2-1ubuntu2.1_amd64.deb Size/MD5: 261382 6f6235ea5b9ca5b152563bbf9d4cde4a http://security.ubuntu.com/ubuntu/pool/main/s/shadow/passwd_4.0.18.2-1ubuntu2.1_amd64.deb Size/MD5: 645332 186b8730483174ea75dafe425e1260a4 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/s/shadow/login_4.0.18.2-1ubuntu2.1_i386.deb Size/MD5: 255198 005c58d0964b57dff146c09692c07798 http://security.ubuntu.com/ubuntu/pool/main/s/shadow/passwd_4.0.18.2-1ubuntu2.1_i386.deb Size/MD5: 566210 e524467fe37f0e791129190a0aca01ab lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/s/shadow/login_4.0.18.2-1ubuntu2.1_lpia.deb Size/MD5: 253736 5a2f5b96d939d18af22f4bfb1dda8558 http://ports.ubuntu.com/pool/main/s/shadow/passwd_4.0.18.2-1ubuntu2.1_lpia.deb Size/MD5: 565542 fe962454f56801493ec147c8e8c24f1d powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/s/shadow/login_4.0.18.2-1ubuntu2.1_powerpc.deb Size/MD5: 262990 646a6389c912eedefad34c2a7f3625c0 http://ports.ubuntu.com/pool/main/s/shadow/passwd_4.0.18.2-1ubuntu2.1_powerpc.deb Size/MD5: 716822 7fd10e7dd1d948eafca991e083eb19f1 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/s/shadow/login_4.0.18.2-1ubuntu2.1_sparc.deb Size/MD5: 257688 6f91c97f97703d9cfbe74e2c9d70fde0 http://ports.ubuntu.com/pool/main/s/shadow/passwd_4.0.18.2-1ubuntu2.1_sparc.deb Size/MD5: 576118 f4ba465d6b49c347a3cfd6583186aa85 Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/s/shadow/shadow_4.1.1-1ubuntu1.1.diff.gz Size/MD5: 77465 cb93d5a7b3e454e9a6e2508ba778a42f http://security.ubuntu.com/ubuntu/pool/main/s/shadow/shadow_4.1.1-1ubuntu1.1.dsc Size/MD5: 1664 a898645ed7d684b8793458ba0b6cbbc5 http://security.ubuntu.com/ubuntu/pool/main/s/shadow/shadow_4.1.1.orig.tar.gz Size/MD5: 2720267 ae893c18fdb0a89bc7991ba1098f1446 http://security.ubuntu.com/ubuntu/pool/universe/v/vm-builder/vm-builder_0.9-0ubuntu3.1.diff.gz Size/MD5: 21565 04af0e267d97387cb809343e74373ad2 http://security.ubuntu.com/ubuntu/pool/universe/v/vm-builder/vm-builder_0.9-0ubuntu3.1.dsc Size/MD5: 1206 8d5f90bea4044e7401af35ee7987e026 http://security.ubuntu.com/ubuntu/pool/universe/v/vm-builder/vm-builder_0.9.orig.tar.gz Size/MD5: 22349 c141e399df7860924c690559cddfc18f Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/universe/v/vm-builder/python-vm-builder-ec2_0.9-0ubuntu3.1_all.deb Size/MD5: 3992 6fe97a955e0999193d09ac85baaed506 http://security.ubuntu.com/ubuntu/pool/universe/v/vm-builder/python-vm-builder_0.9-0ubuntu3.1_all.deb Size/MD5: 192600 32fcecc0265e4fe7dafc47a1870d7f60 http://security.ubuntu.com/ubuntu/pool/universe/v/vm-builder/ubuntu-vm-builder_0.9-0ubuntu3.1_all.deb Size/MD5: 1890 9430d7a9ae9ad3b1e62bf8ed1da75167 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/s/shadow/login_4.1.1-1ubuntu1.1_amd64.deb Size/MD5: 308110 a80dad8155d7e72e0ea606da4b263208 http://security.ubuntu.com/ubuntu/pool/main/s/shadow/passwd_4.1.1-1ubuntu1.1_amd64.deb Size/MD5: 884672 f0b852ce5c6a2f78ff42f4f1ac07098e i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/s/shadow/login_4.1.1-1ubuntu1.1_i386.deb Size/MD5: 299874 84fa6487a6e963332758881ab1feef85 http://security.ubuntu.com/ubuntu/pool/main/s/shadow/passwd_4.1.1-1ubuntu1.1_i386.deb Size/MD5: 786620 b2c15eeed5df1678804c73db65d94aa0 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/s/shadow/login_4.1.1-1ubuntu1.1_lpia.deb Size/MD5: 299818 6e3f935ea4b4b367ebf551f726c6e465 http://ports.ubuntu.com/pool/main/s/shadow/passwd_4.1.1-1ubuntu1.1_lpia.deb Size/MD5: 785976 99a65c60e78cb0c18ff3fa411707941a powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/s/shadow/login_4.1.1-1ubuntu1.1_powerpc.deb Size/MD5: 305722 37a40976e0a3a5d7c33a41f9856107c4 http://ports.ubuntu.com/pool/main/s/shadow/passwd_4.1.1-1ubuntu1.1_powerpc.deb Size/MD5: 901254 5e8ae200712c3673049364c193487f44 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/s/shadow/login_4.1.1-1ubuntu1.1_sparc.deb Size/MD5: 303554 34d29aa7f443bea63afe57a483a899b2 http://ports.ubuntu.com/pool/main/s/shadow/passwd_4.1.1-1ubuntu1.1_sparc.deb Size/MD5: 813862 034459da1cf3046b5a6ea6a3323ceea8 --Kj7319i9nmIyA2yE Content-Type: application/pgp-signature; name="signature.asc" Content-Description: Digital signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkkc3kUACgkQW0JvuRdL8BrtKACcD/aRyU3zcTXUCe0RgQ2mrdP3 bjsAoIj5snkPQ13uvqUDdLhukc7GmbsK =6/f8 -----END PGP SIGNATURE----- --Kj7319i9nmIyA2yE--

<< Previous INDEX Search src / Print Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру