Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] [USN-521-1] libmodplug vulnerability

from [Kees Cook] Network Security [Permanent Link]
Subject: [Full-disclosure] [USN-521-1] libmodplug vulnerability
Date: Thu, 27 Sep 2007 17:08:03 -0700 
=========================================================== 
Ubuntu Security Notice USN-521-1         September 27, 2007
libmodplug vulnerability
CVE-2006-4192
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libmodplug0c2                   1:0.7-5ubuntu0.6.06.1

Ubuntu 6.10:
  libmodplug0c2                   1:0.7-5ubuntu0.6.10.1

In general, a standard system upgrade is sufficient to affect the
necessary changes.

Details follow:

Luigi Auriemma discovered that libmodplug did not properly sanitize
its input. A specially crafted AMF file could be used to exploit this
situation to cause buffer overflows and possibly execute arbitrary code
as the user.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug_0.7-5ubuntu0.6.06.1.diff.gz
      Size/MD5:     7132 5ea7bde5b33470ae5adfcc8f977d051a
    
http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug_0.7-5ubuntu0.6.06.1.dsc
      Size/MD5:      640 0c363a061dd31dd1e3ab86f6306a8124
    
http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug_0.7.orig.tar.gz
      Size/MD5:   329398 b6e7412f90cdd4a27a2dd3de94909905

  Architecture independent packages:

    
http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug-dev_0.7-5ubuntu0.6.06.1_all.deb
      Size/MD5:    22350 43bf0cad64c5b99dc298fa0ce3f3db44

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    
http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug0c2_0.7-5ubuntu0.6.06.1_amd64.deb
      Size/MD5:   117402 feeebd679f9355fdf259c1014313dc4a

  i386 architecture (x86 compatible Intel/AMD):

    
http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug0c2_0.7-5ubuntu0.6.06.1_i386.deb
      Size/MD5:   115238 ef9c9fdd542ca9b1573cc383d3b0ddfd

  powerpc architecture (Apple Macintosh G3/G4/G5):

    
http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug0c2_0.7-5ubuntu0.6.06.1_powerpc.deb
      Size/MD5:   125616 eeb2f3baef12ae5883e3e3aff0082d16

  sparc architecture (Sun SPARC/UltraSPARC):

    
http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug0c2_0.7-5ubuntu0.6.06.1_sparc.deb
      Size/MD5:   123276 3242bdcb39748d212d127d21e2aac864

Updated packages for Ubuntu 6.10:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug_0.7-5ubuntu0.6.10.1.diff.gz
      Size/MD5:     7129 a5eb16cd1823bd7bf9fe12f93583d363
    
http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug_0.7-5ubuntu0.6.10.1.dsc
      Size/MD5:      640 4673f3d2ab6676f7c14686d9fe34294f
    
http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug_0.7.orig.tar.gz
      Size/MD5:   329398 b6e7412f90cdd4a27a2dd3de94909905

  Architecture independent packages:

    
http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug-dev_0.7-5ubuntu0.6.10.1_all.deb
      Size/MD5:    22384 bc58f46270dfc27b538a87279a76eac7

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    
http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug0c2_0.7-5ubuntu0.6.10.1_amd64.deb
      Size/MD5:   116602 a328b8a1d89690e1ecd3fc51029a136d

  i386 architecture (x86 compatible Intel/AMD):

    
http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug0c2_0.7-5ubuntu0.6.10.1_i386.deb
      Size/MD5:   118066 c88fcf05eaf8df6c5cb9c2decf77eefe

  powerpc architecture (Apple Macintosh G3/G4/G5):

    
http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug0c2_0.7-5ubuntu0.6.10.1_powerpc.deb
      Size/MD5:   125326 9606b0cda577aa03f7425f4fa6a98e48

  sparc architecture (Sun SPARC/UltraSPARC):

    
http://security.ubuntu.com/ubuntu/pool/main/libm/libmodplug/libmodplug0c2_0.7-5ubuntu0.6.10.1_sparc.deb
      Size/MD5:   124146 42842bc6847b1900c8c1964b42ae8454

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] [USN-521-1] libmodplug vulnerability, Kees Cook <=
Previous by Date:  Promise NAS NS4300N GUI bug, Tor Houghton
Next by Date:  Ruby Net::HTTPS library does not validate server certificate CN, Chris Clark
Previous by Thread:  Promise NAS NS4300N GUI bug, Tor Houghton
Next by Thread:  Ruby Net::HTTPS library does not validate server certificate CN, Chris Clark
Indexes:  [Date] [Thread] [Top] [All Lists]