Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-Disclosure] [USN-4-1] Standard C library script vulnerabilities

from [Martin Pitt] Network Security [Permanent Link]
Subject: [Full-Disclosure] [USN-4-1] Standard C library script vulnerabilities
Date: Thu, 28 Oct 2004 08:06:43 +0200 
===========================================================
Ubuntu Security Notice USN-4-1             October 27, 2004
Standard C library script vulnerabilities
CAN-2004-0968
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

libc6

The problem can be corrected by upgrading the affected package to
version 2.3.2.ds1-13ubuntu2.2. In general, a standard system upgrade
is sufficient to effect the necessary changes.

Details follow:

Recently, Trustix Secure Linux discovered some vulnerabilities in the
libc6 package. The utilities "catchsegv" and "glibcbug" created
temporary files in an insecure way, which allowed a symlink attack to
create or overwrite arbitrary files with the privileges of the user
invoking the program.

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/glibc_2.3.2.ds1-13ubuntu2.2.diff.gz
      Size/MD5:  1718601 cf6afbc349154329c272077c73ba9179
    
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/glibc_2.3.2.ds1-13ubuntu2.2.dsc
      Size/MD5:     1656 4c7cb8a913a57c4719b608c49c2d2b2e
    
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/glibc_2.3.2.ds1.orig.tar.gz
      Size/MD5: 13246448 b982bf6ad7ebc8622d3b81d51c44b78a

  Architecture independent packages:

    
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/glibc-doc_2.3.2.ds1-13ubuntu2.2_all.deb
      Size/MD5:  3839054 c45aae7010692177a047dc68a0892f7c
    
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/locales_2.3.2.ds1-13ubuntu2.2_all.deb
      Size/MD5:  3979842 272da092e74a39c4f15d10ddd1c3c2a0

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dbg_2.3.2.ds1-13ubuntu2.2_amd64.deb
      Size/MD5:  9172938 0b62bf67b6b1ea70c2f1dce0a5a72e78
    
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dev_2.3.2.ds1-13ubuntu2.2_amd64.deb
      Size/MD5:  2961890 fca2ae9c057eefebceffc6eef5c44f8c
    
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-pic_2.3.2.ds1-13ubuntu2.2_amd64.deb
      Size/MD5:  1318744 cae5a17fbbbf4d454aff91f028ba45bf
    
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-prof_2.3.2.ds1-13ubuntu2.2_amd64.deb
      Size/MD5:  2429958 6111ed6e95b4d3106f516a0e910e6b7d
    
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-udeb_2.3.2.ds1-13ubuntu2.2_amd64.udeb
      Size/MD5:   953804 8c92652345079beea4059c2bd02cf0f6
    
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6_2.3.2.ds1-13ubuntu2.2_amd64.deb
      Size/MD5:  5424778 591e999cfc9de47e655365f2a6bd5407
    
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-dns-udeb_2.3.2.ds1-13ubuntu2.2_amd64.udeb
      Size/MD5:     8168 f007a3aa95bbe190e295ef04b98455b3
    
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-files-udeb_2.3.2.ds1-13ubuntu2.2_amd64.udeb
      Size/MD5:    15960 a50daa05546194f6d0a30d02bdd666a4
    
http://security.ubuntu.com/ubuntu/pool/universe/g/glibc/nscd_2.3.2.ds1-13ubuntu2.2_amd64.deb
      Size/MD5:    90622 3251a57ba6896b412e270ef812500e08

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dbg_2.3.2.ds1-13ubuntu2.2_i386.deb
      Size/MD5: 10199756 981e3d99127302b8955e0d0ecfc87189
    
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dev_2.3.2.ds1-13ubuntu2.2_i386.deb
      Size/MD5:  2510202 4a0c6a6c253aeb99a9698c541de90db5
    
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-i686_2.3.2.ds1-13ubuntu2.2_i386.deb
      Size/MD5:   944732 45839ff16f3668c6ef58a213c6d805b4
    
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-pic_2.3.2.ds1-13ubuntu2.2_i386.deb
      Size/MD5:  1015598 8c50383383de8d5f23236ce7211a0e11
    
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-prof_2.3.2.ds1-13ubuntu2.2_i386.deb
      Size/MD5:  1985400 3882b6b9f770ffe1e2bc3c7ab55c0c5e
    
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-udeb_2.3.2.ds1-13ubuntu2.2_i386.udeb
      Size/MD5:   691838 94ed23b75666c67bda94b9c07ce4a5a4
    
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6_2.3.2.ds1-13ubuntu2.2_i386.deb
      Size/MD5:  4844160 d5aebff13cd1eb6f4e29d68c38cd60ae
    
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-dns-udeb_2.3.2.ds1-13ubuntu2.2_i386.udeb
      Size/MD5:     7702 03de6798940e807729f30a62aac2f7ec
    
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-files-udeb_2.3.2.ds1-13ubuntu2.2_i386.udeb
      Size/MD5:    13426 b932f23a4f9c3d776c6a7c26612a44d8
    
http://security.ubuntu.com/ubuntu/pool/universe/g/glibc/nscd_2.3.2.ds1-13ubuntu2.2_i386.deb
      Size/MD5:    88312 99d91c0cf770b202b37ed8ae0b131ed4

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dbg_2.3.2.ds1-13ubuntu2.2_powerpc.deb
      Size/MD5:  9216664 64ef82237a246fa888980efa4ea3fe76
    
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dev_2.3.2.ds1-13ubuntu2.2_powerpc.deb
      Size/MD5:  3068930 ce32157ff282f9f48ffeba47bc4a7cc9
    
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-pic_2.3.2.ds1-13ubuntu2.2_powerpc.deb
      Size/MD5:  1272340 804072cb7e38a128ab022f05c88bc456
    
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-prof_2.3.2.ds1-13ubuntu2.2_powerpc.deb
      Size/MD5:  2582898 2c84b6bf455a4a7c3742307bb8c87c00
    
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-udeb_2.3.2.ds1-13ubuntu2.2_powerpc.udeb
      Size/MD5:   946680 0ea82c88731a21d61b3a633b4eaffda8
    
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6_2.3.2.ds1-13ubuntu2.2_powerpc.deb
      Size/MD5:  4213364 4f0c8de536cd48d333e52cde5aa5a0e3
    
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-dns-udeb_2.3.2.ds1-13ubuntu2.2_powerpc.udeb
      Size/MD5:     8194 e90b76a0e762d97deddee338ea46c475
    
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-files-udeb_2.3.2.ds1-13ubuntu2.2_powerpc.udeb
      Size/MD5:    14766 82dcd7f1abfac39464135522a96f1d42
    
http://security.ubuntu.com/ubuntu/pool/universe/g/glibc/nscd_2.3.2.ds1-13ubuntu2.2_powerpc.deb
      Size/MD5:    89468 1debcc6600d1c3d4e60b1156178f99c7

Attachment: signature.asc
Description: Digital signature

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-Disclosure] [USN-4-1] Standard C library script vulnerabilities, Martin Pitt <=
Previous by Date:  [Full-Disclosure] [USN-9-1] tetex-bin vulnerabilities, Martin Pitt
Next by Date:  Presentation: Bypassing client application protection techniques with notepad, 3APA3A
Previous by Thread:  [Full-Disclosure] [USN-9-1] tetex-bin vulnerabilities, Martin Pitt
Next by Thread:  Presentation: Bypassing client application protection techniques with notepad, 3APA3A
Indexes:  [Date] [Thread] [Top] [All Lists]