Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] [USN-594-1] libnet-dns-perl vulnerability

from [Kees Cook] Network Security [Permanent Link]
Subject: [Full-disclosure] [USN-594-1] libnet-dns-perl vulnerability
Date: Wed, 26 Mar 2008 15:12:24 -0700 
=========================================================== 
Ubuntu Security Notice USN-594-1             March 26, 2008
libnet-dns-perl vulnerability
CVE-2007-6341
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libnet-dns-perl                 0.53-2ubuntu1.1

Ubuntu 6.10:
  libnet-dns-perl                 0.57-1ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that Net::DNS did not correctly validate the size
of DNS replies.  A remote attacker could send a specially crafted DNS
response and cause applications using Net::DNS to abort, leading to a
denial of service.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.53-2ubuntu1.1.diff.gz
      Size/MD5:     7499 fe4560bfbbb777dbbbee424434cc9c6d
    
http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.53-2ubuntu1.1.dsc
      Size/MD5:      631 0ca3de3311a0b58937007bbd368af1e8
    
http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.53.orig.tar.gz
      Size/MD5:   119705 404797359373d4df1a025458ab1415f7

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    
http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.53-2ubuntu1.1_amd64.deb
      Size/MD5:   232824 8f4dcf603986c1e8da2e783b303b038c

  i386 architecture (x86 compatible Intel/AMD):

    
http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.53-2ubuntu1.1_i386.deb
      Size/MD5:   232530 b9224ad2f4adfb556f2543897c12993e

  powerpc architecture (Apple Macintosh G3/G4/G5):

    
http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.53-2ubuntu1.1_powerpc.deb
      Size/MD5:   234400 c25cb13ab7e4d5ac37fa41c5f54888c0

  sparc architecture (Sun SPARC/UltraSPARC):

    
http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.53-2ubuntu1.1_sparc.deb
      Size/MD5:   232654 30ceef5c3308959dee0b235426a3003d

Updated packages for Ubuntu 6.10:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.57-1ubuntu1.1.diff.gz
      Size/MD5:     7490 8e887005c738b65919afdbbf5b7c3a07
    
http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.57-1ubuntu1.1.dsc
      Size/MD5:      631 de5fda4c9524a1482cdd555bb39b3897
    
http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.57.orig.tar.gz
      Size/MD5:   131596 9511a7052e553f2a29a5bae32c20bc44

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    
http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.57-1ubuntu1.1_amd64.deb
      Size/MD5:   246344 4f215d062b4c6c7fe11bf2a021e33936

  i386 architecture (x86 compatible Intel/AMD):

    
http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.57-1ubuntu1.1_i386.deb
      Size/MD5:   246264 89f0a8a441aec2b8b751f5f41ccdd9a4

  powerpc architecture (Apple Macintosh G3/G4/G5):

    
http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.57-1ubuntu1.1_powerpc.deb
      Size/MD5:   247938 784827f2594fc6b31f4c9aa41544ee77

  sparc architecture (Sun SPARC/UltraSPARC):

    
http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-dns-perl/libnet-dns-perl_0.57-1ubuntu1.1_sparc.deb
      Size/MD5:   246174 3827f2c4e876f2a3aec8501e36a60bc3

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] [USN-594-1] libnet-dns-perl vulnerability, Kees Cook <=
Previous by Date:  [Full-disclosure] [USN-593-1] Dovecot vulnerabilities, Kees Cook
Next by Date:  [Full-disclosure] [USN-595-1] SDL_image vulnerabilities, Kees Cook
Previous by Thread:  [Full-disclosure] [USN-593-1] Dovecot vulnerabilities, Kees Cook
Next by Thread:  [Full-disclosure] [USN-595-1] SDL_image vulnerabilities, Kees Cook
Indexes:  [Date] [Thread] [Top] [All Lists]