Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] [USN-507-1] tcp-wrappers vulnerability

from [Kees Cook] Network Security [Permanent Link]
Subject: [Full-disclosure] [USN-507-1] tcp-wrappers vulnerability
Date: Wed, 29 Aug 2007 17:05:07 -0700 
=========================================================== 
Ubuntu Security Notice USN-507-1            August 30, 2007
tcp-wrappers vulnerability
https://launchpad.net/bugs/135332
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.04:
  libwrap0                        7.6.dbs-11ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that the TCP wrapper library was incorrectly allowing
connections to services that did not specify server-side connection
details.  Remote attackers could connect to services that had been
configured to block such connections.  This only affected Ubuntu Feisty.


Updated packages for Ubuntu 7.04:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/tcp-wrappers_7.6.dbs-11ubuntu0.1.diff.gz
      Size/MD5:    51563 a66ffe0947add0d626dc9d813298c931
    
http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/tcp-wrappers_7.6.dbs-11ubuntu0.1.dsc
      Size/MD5:      784 4430f26d95e93408a174206b2da912d2
    
http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/tcp-wrappers_7.6.dbs.orig.tar.gz
      Size/MD5:    99548 3a8f32fa7a030d84c7260578ffb46c29

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    
http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/libwrap0-dev_7.6.dbs-11ubuntu0.1_amd64.deb
      Size/MD5:    37234 297a97e32256bfd222a08b7a249fca50
    
http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/libwrap0_7.6.dbs-11ubuntu0.1_amd64.deb
      Size/MD5:    30876 81ab1ff3bc887cba421857b92599f064
    
http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/tcpd_7.6.dbs-11ubuntu0.1_amd64.deb
      Size/MD5:    80144 c502d7ca97203abef9d8468ae14a2751

  i386 architecture (x86 compatible Intel/AMD):

    
http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/libwrap0-dev_7.6.dbs-11ubuntu0.1_i386.deb
      Size/MD5:    34432 64f1a0e9d0dc0dd2eae5af32d35e8a2b
    
http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/libwrap0_7.6.dbs-11ubuntu0.1_i386.deb
      Size/MD5:    29374 31f7af2847ae763f268c0f3a4c683335
    
http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/tcpd_7.6.dbs-11ubuntu0.1_i386.deb
      Size/MD5:    78086 8ee708787754927c56bed98631cc739c

  powerpc architecture (Apple Macintosh G3/G4/G5):

    
http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/libwrap0-dev_7.6.dbs-11ubuntu0.1_powerpc.deb
      Size/MD5:    37028 62d8517de1af829ebd5baf0cc39d2cbb
    
http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/libwrap0_7.6.dbs-11ubuntu0.1_powerpc.deb
      Size/MD5:    32804 0cc1db9a4c4f5577a99e887d8094c86a
    
http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/tcpd_7.6.dbs-11ubuntu0.1_powerpc.deb
      Size/MD5:    87362 54d419fa50c66cad5c04ad2ca3ed4163

  sparc architecture (Sun SPARC/UltraSPARC):

    
http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/libwrap0-dev_7.6.dbs-11ubuntu0.1_sparc.deb
      Size/MD5:    35094 e400ccb9a4c8f78c1e451d5a3602958f
    
http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/libwrap0_7.6.dbs-11ubuntu0.1_sparc.deb
      Size/MD5:    28856 abe647adb76cba044f17786e028da758
    
http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/tcpd_7.6.dbs-11ubuntu0.1_sparc.deb
      Size/MD5:    79062 e6e97f4e4e585dfaef10f08a1608952b

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] [USN-507-1] tcp-wrappers vulnerability, Kees Cook <=
Previous by Date:  The Long Run, Dave Aitel
Next by Date:  MS Windows Mobile 5.0 or higher and digitals certificates, Marco Henriques
Previous by Thread:  The Long Run, Dave Aitel
Next by Thread:  MS Windows Mobile 5.0 or higher and digitals certificates, Marco Henriques
Indexes:  [Date] [Thread] [Top] [All Lists]