Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] [USN-627-1] Dnsmasq vulnerability

from [Jamie Strandboge] Network Security [Permanent Link]
Subject: [Full-disclosure] [USN-627-1] Dnsmasq vulnerability
Date: Tue, 22 Jul 2008 12:37:02 -0400 
=========================================================== 
Ubuntu Security Notice USN-627-1              July 22, 2008
dnsmasq vulnerability
CVE-2008-1447
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  dnsmasq-base                    2.41-2ubuntu2.1

After a standard system upgrade you need to restart Dnsmasq to effect
the necessary changes.

Details follow:

Dan Kaminsky discovered weaknesses in the DNS protocol as implemented
by Dnsmasq. A remote attacker could exploit this to spoof DNS entries
and poison DNS caches. Among other things, this could lead to
misdirected email and web traffic.


Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq_2.41-2ubuntu2.1.diff.gz
      Size/MD5:    22023 89c0f060733a11e414ef1fa634b17149
    
http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq_2.41-2ubuntu2.1.dsc
      Size/MD5:      698 e44ebdb66be7abcaba3f1558b9379abb
    
http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq_2.41.orig.tar.gz
      Size/MD5:   357997 8d0acd6656299a800c4d1be5a1193e39

  Architecture independent packages:

    
http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq_2.41-2ubuntu2.1_all.deb
      Size/MD5:    11962 fbe42757babf0522e92a48438cdf7d0b

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    
http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq-base_2.41-2ubuntu2.1_amd64.deb
      Size/MD5:   210032 015334862975edd0c6157624b9b4cd6b

  i386 architecture (x86 compatible Intel/AMD):

    
http://security.ubuntu.com/ubuntu/pool/main/d/dnsmasq/dnsmasq-base_2.41-2ubuntu2.1_i386.deb
      Size/MD5:   202466 87bebd172bae955ef2ae8f2de323a737

  lpia architecture (Low Power Intel Architecture):

    
http://ports.ubuntu.com/pool/main/d/dnsmasq/dnsmasq-base_2.41-2ubuntu2.1_lpia.deb
      Size/MD5:   202996 8938160f148e63de63cad64e2721c6d6

  powerpc architecture (Apple Macintosh G3/G4/G5):

    
http://ports.ubuntu.com/pool/main/d/dnsmasq/dnsmasq-base_2.41-2ubuntu2.1_powerpc.deb
      Size/MD5:   210320 865aa2d674736978b2b00a8623267fc4

  sparc architecture (Sun SPARC/UltraSPARC):

    
http://ports.ubuntu.com/pool/main/d/dnsmasq/dnsmasq-base_2.41-2ubuntu2.1_sparc.deb
      Size/MD5:   204034 211f90a72d775d1987b6c3179786546f

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] [USN-627-1] Dnsmasq vulnerability, Jamie Strandboge <=
Previous by Date:  [security bulletin] HPSBMA02346 SSRT080097 rev.3 - HP OpenView Select Identity Active Directory Bidirectional LDAP Connector, Remote Unauthorized Access, security-alert
Next by Date:  [Full-disclosure] PR08-16: CSRF (Cross-site Request Forgery) on Moodle edit profile page, ProCheckUp Research
Previous by Thread:  [security bulletin] HPSBMA02346 SSRT080097 rev.3 - HP OpenView Select Identity Active Directory Bidirectional LDAP Connector, Remote Unauthorized Access, security-alert
Next by Thread:  [Full-disclosure] PR08-16: CSRF (Cross-site Request Forgery) on Moodle edit profile page, ProCheckUp Research
Indexes:  [Date] [Thread] [Top] [All Lists]