Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] [USN-476-1] redhat-cluster-suite vulnerability

from [Kees Cook] Network Security [Permanent Link]
Subject: [Full-disclosure] [USN-476-1] redhat-cluster-suite vulnerability
Date: Fri, 22 Jun 2007 11:22:56 -0700 
=========================================================== 
Ubuntu Security Notice USN-476-1              June 22, 2007
redhat-cluster-suite vulnerability
https://launchpad.net/bugs/121780
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.04:
  cman                                     2.20070315-0ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Fabio Massimo Di Nitto discovered that cman did not correctly validate
the size of client messages.  A local user could send a specially crafted
message and execute arbitrary code with cluster manager privileges or
crash the manager, leading to a denial of service.


Updated packages for Ubuntu 7.04:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/redhat-cluster-suite_2.20070315-0ubuntu2.1.diff.gz
      Size/MD5:    45853 19f98d316de0c556527debd3c9debfce
    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/redhat-cluster-suite_2.20070315-0ubuntu2.1.dsc
      Size/MD5:     1801 d293aca82c5f0a594166c403ae91a822
    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/redhat-cluster-suite_2.20070315.orig.tar.gz
      Size/MD5:  2223989 bcc1dc59d93dcd44b4761136966eafa3

  Architecture independent packages:

    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/redhat-cluster-suite_2.20070315-0ubuntu2.1_all.deb
      Size/MD5:    10176 7bc5fe7dd3a6893f8583fbdac3c7a968

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/cman_2.20070315-0ubuntu2.1_amd64.deb
      Size/MD5:   415208 4c551747a663596040d371bca4cd084e
    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gfs-tools_2.20070315-0ubuntu2.1_amd64.deb
      Size/MD5:   240568 b46c4de93e83e0254014daffebf07f5b
    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gfs2-tools_2.20070315-0ubuntu2.1_amd64.deb
      Size/MD5:   297918 8eab6723141282cee91a5d8721e63dcb
    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gnbd-client_2.20070315-0ubuntu2.1_amd64.deb
      Size/MD5:    76768 5178696fc64e2719c7e2e0086749650a
    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gnbd-server_2.20070315-0ubuntu2.1_amd64.deb
      Size/MD5:    73310 39e444ec8d0ca268635f27b9bb337ede
    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libccs-dev_2.20070315-0ubuntu2.1_amd64.deb
      Size/MD5:    13902 af5554548568dc59720d8c51636bdd85
    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libcman-dev_2.20070315-0ubuntu2.1_amd64.deb
      Size/MD5:    21024 c89711a3509d3f977de9142f5d1887cf
    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libcman2_2.20070315-0ubuntu2.1_amd64.deb
      Size/MD5:    16906 55e246480f5f311db7d571cc5a96a77c
    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libdlm-dev_2.20070315-0ubuntu2.1_amd64.deb
      Size/MD5:    22038 7690f350aca8dc420179f57063a20824
    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libdlm2_2.20070315-0ubuntu2.1_amd64.deb
      Size/MD5:    21488 41ab17c0730714ce4734c790c1dd9e1d
    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/rgmanager_2.20070315-0ubuntu2.1_amd64.deb
      Size/MD5:   261920 f953801ff7497e87ba5f8907508f5ede

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/cman_2.20070315-0ubuntu2.1_i386.deb
      Size/MD5:   377390 1625cc91013baf83251a987034905dcb
    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gfs-tools_2.20070315-0ubuntu2.1_i386.deb
      Size/MD5:   229178 bdb45bb72f9fb91ad1233fbe9cac73f1
    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gfs2-tools_2.20070315-0ubuntu2.1_i386.deb
      Size/MD5:   279360 09e261043612e103dc82707b4e571c34
    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gnbd-client_2.20070315-0ubuntu2.1_i386.deb
      Size/MD5:    67276 bb9c1d8f9d4a7a4d899ec99430457426
    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gnbd-server_2.20070315-0ubuntu2.1_i386.deb
      Size/MD5:    64776 b6ce07ed92f408b9c5b682d29e179b46
    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libccs-dev_2.20070315-0ubuntu2.1_i386.deb
      Size/MD5:    13604 580dfab67fca3556ee1c02e46a10cd69
    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libcman-dev_2.20070315-0ubuntu2.1_i386.deb
      Size/MD5:    20384 9cf0b995f21aa8cfe788a9ebea832716
    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libcman2_2.20070315-0ubuntu2.1_i386.deb
      Size/MD5:    16174 62c1750799861eaf760cbfe7d923b1aa
    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libdlm-dev_2.20070315-0ubuntu2.1_i386.deb
      Size/MD5:    20166 0e35c8888d8e09e050afd3ce6e2defea
    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libdlm2_2.20070315-0ubuntu2.1_i386.deb
      Size/MD5:    20058 feed82660d7359bda71c91c2dbd387ca
    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/rgmanager_2.20070315-0ubuntu2.1_i386.deb
      Size/MD5:   239930 9d9adc1d748e972c4980692f5becacd3

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/cman_2.20070315-0ubuntu2.1_powerpc.deb
      Size/MD5:   419560 4bdb68335d002b08139adca6d97ef153
    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gfs-tools_2.20070315-0ubuntu2.1_powerpc.deb
      Size/MD5:   263978 120061076541d8e6ceebbad7a2c084f2
    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gfs2-tools_2.20070315-0ubuntu2.1_powerpc.deb
      Size/MD5:   312540 833badec158c007784b16192d8a82dec
    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gnbd-client_2.20070315-0ubuntu2.1_powerpc.deb
      Size/MD5:    74210 5af82765c81da3995b728795ce607fda
    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gnbd-server_2.20070315-0ubuntu2.1_powerpc.deb
      Size/MD5:    72108 73c90d5ab4508c4e46733e74201b7aa6
    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libccs-dev_2.20070315-0ubuntu2.1_powerpc.deb
      Size/MD5:    13802 1d100e556f3fc8dc7fe118063b0457e4
    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libcman-dev_2.20070315-0ubuntu2.1_powerpc.deb
      Size/MD5:    20728 c72f874de47bda7a5d81febf26d66be6
    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libcman2_2.20070315-0ubuntu2.1_powerpc.deb
      Size/MD5:    18664 f89f8407f24f553f085bff6b80f26437
    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libdlm-dev_2.20070315-0ubuntu2.1_powerpc.deb
      Size/MD5:    21698 0c81d4399a442f32034e1d3211805b37
    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libdlm2_2.20070315-0ubuntu2.1_powerpc.deb
      Size/MD5:    24464 716fa192eea0673416df7b47c897f552
    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/rgmanager_2.20070315-0ubuntu2.1_powerpc.deb
      Size/MD5:   256816 7e2822a5cfdb28e5449c2a0eb155f538

  sparc architecture (Sun SPARC/UltraSPARC)

    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/cman_2.20070315-0ubuntu2.1_sparc.deb
      Size/MD5:   394606 715a39dc89e2db8da1e9ce39c85082d9
    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gfs-tools_2.20070315-0ubuntu2.1_sparc.deb
      Size/MD5:   232972 a0b6368599d874faaeb3e65bcb1847ff
    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gfs2-tools_2.20070315-0ubuntu2.1_sparc.deb
      Size/MD5:   281594 a8f1e115be62cd85ab9dd87c49c81687
    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gnbd-client_2.20070315-0ubuntu2.1_sparc.deb
      Size/MD5:    69246 9d73b0ba4b63ff4288fefe2cb998866a
    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/gnbd-server_2.20070315-0ubuntu2.1_sparc.deb
      Size/MD5:    66522 40ce22fc135c618a1d7ac95e6d56cf4b
    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libccs-dev_2.20070315-0ubuntu2.1_sparc.deb
      Size/MD5:    13630 93386544aa585af6766cac0a58b3763a
    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libcman-dev_2.20070315-0ubuntu2.1_sparc.deb
      Size/MD5:    20646 b98f6d46348288ef73fd1de7aa3e97ad
    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libcman2_2.20070315-0ubuntu2.1_sparc.deb
      Size/MD5:    16314 c937ad6996a1605838ded0563d964bc5
    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libdlm-dev_2.20070315-0ubuntu2.1_sparc.deb
      Size/MD5:    20486 70b031a4b0f5d45069d9e48df87a08e7
    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/libdlm2_2.20070315-0ubuntu2.1_sparc.deb
      Size/MD5:    19344 aabbb34fd52960f5002a2094532b6fff
    
http://security.ubuntu.com/ubuntu/pool/main/r/redhat-cluster-suite/rgmanager_2.20070315-0ubuntu2.1_sparc.deb
      Size/MD5:   251046 ed57b55016db3e6c6186aedce42deb3c

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] [USN-476-1] redhat-cluster-suite vulnerability, Kees Cook <=
Previous by Date:  Re: Re: New Include Redirect Bug XSS All vBulletin v 3.x.x, scott-REMOTE-
Next by Date:  eNdonesia 8.4 [multiple injection sql], laurent . gaffie
Previous by Thread:  [CAID 35450, 35451, 35452, 35453]: CA Products That Embed Ingres Multiple Vulnerabilities, Williams, James K
Next by Thread:  eNdonesia 8.4 [multiple injection sql], laurent . gaffie
Indexes:  [Date] [Thread] [Top] [All Lists]