Date: Tue, 3 May 2005 18:14:59 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-115-1] Kommander vulnerability

===========================================================
Ubuntu Security Notice USN-115-1	       May 03, 2005
kdewebdev vulnerability
CAN-2005-0754
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

kommander

The problem can be corrected by upgrading the affected package to
version 4:3.4.0-0ubuntu2.2.  In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Eckhart Wörner discovered that Kommander opens files from remote and
possibly untrusted locations without user confirmation. Since
Kommander files can contain scripts, this would allow an attacker to
execute arbitrary code with the privileges of the user opening the
file.

The updated Kommander no longer automatically opens files from remote
locations, or files whose names do not end with ".kmdr".
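
A sketch of the kind of check the fix describes, as an added example that is not the Kommander patch or any Ubuntu/KDE code: it decides whether an argument may be run without asking the user. The names decide_open, uri_scheme and has_kmdr_suffix are hypothetical, and treating every non-"file" URI scheme (and any file:// URL naming another host) as remote is an assumption of this example.

```cpp
// Added illustration, not the Kommander patch; all names are hypothetical.
#include <cctype>
#include <iostream>
#include <string>

enum class OpenDecision { Open, AskUser };

// Lower-cased URI scheme of `arg` per RFC 3986, or "" for a plain path.
static std::string uri_scheme(const std::string &arg) {
    if (arg.empty() || !std::isalpha(static_cast<unsigned char>(arg[0])))
        return "";
    std::string scheme;
    for (char c : arg) {
        unsigned char u = static_cast<unsigned char>(c);
        if (c == ':') return scheme;
        if (!std::isalnum(u) && c != '+' && c != '-' && c != '.') return "";
        scheme += static_cast<char>(std::tolower(u));
    }
    return "";  // no ':' seen, so this is a local path
}

static bool has_kmdr_suffix(const std::string &path) {
    const std::string ext = ".kmdr";
    return path.size() > ext.size() &&
           path.compare(path.size() - ext.size(), ext.size(), ext) == 0;
}

// May this argument be run without asking the user first? Fails closed:
// anything that is not clearly a local ".kmdr" file needs confirmation.
OpenDecision decide_open(const std::string &arg) {
    const std::string scheme = uri_scheme(arg);
    std::string path = arg;
    if (scheme == "file") {
        path = arg.substr(5);  // drop "file:"
        if (path.compare(0, 2, "//") == 0) {  // file://host/path
            const std::string host = path.substr(2, path.find('/', 2) - 2);
            if (!host.empty() && host != "localhost")
                return OpenDecision::AskUser;  // file on another machine
        }
    } else if (!scheme.empty()) {
        return OpenDecision::AskUser;  // http, ftp, smb, ...: remote
    }
    return has_kmdr_suffix(path) ? OpenDecision::Open : OpenDecision::AskUser;
}

int main() {  // constructed sample arguments
    for (const char *a : {"/home/u/form.kmdr", "http://example.org/form.kmdr"})
        std::cout << a << (decide_open(a) == OpenDecision::Open ? ": open\n" : ": ask\n");
}
```

A relative file name that contains a colon before any slash (for example "a:b.kmdr") parses as a URI scheme here and therefore needs confirmation, which errs on the safe side.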

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kdewebdev_3.4.0-0ubuntu2.2.diff.gz
      Size/MD5:   178816 caef0228cc742bc8ce4f1b9f36f79130
    http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kdewebdev_3.4.0-0ubuntu2.2.dsc
      Size/MD5:     1000 d9b0ddb8278bed92e2dc21b02aecb872
    http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kdewebdev_3.4.0.orig.tar.gz
      Size/MD5:  7496452 4820f77ff59dc9030204b87aa840d065

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/universe/k/kdewebdev/kdewebdev-doc-html_3.4.0-0ubuntu2.2_all.deb
      Size/MD5:   134006 100e2fd20ba38c9d36e0f99eeff01b91
    http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kdewebdev_3.4.0-0ubuntu2.2_all.deb
      Size/MD5:     8654 ed38515d0ce6a68d2206f7fc2926d04d
    http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/quanta-data_3.4.0-0ubuntu2.2_all.deb
      Size/MD5:   945488 3478cb60faa98a2982964615b7c19288

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kfilereplace_3.4.0-0ubuntu2.2_amd64.deb
      Size/MD5:   630252 6b7a50e32f6fb999702c8b9826fb5894
    http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kimagemapeditor_3.4.0-0ubuntu2.2_amd64.deb
      Size/MD5:   321990 9504f89bd51d05ee52144a4c9c576ed2
    http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/klinkstatus_3.4.0-0ubuntu2.2_amd64.deb
      Size/MD5:   257710 9f7b62f0bf9b5f0ee953d5f5a2cc603f
    http://security.ubuntu.com/ubuntu/pool/universe/k/kdewebdev/kommander-dev_3.4.0-0ubuntu2.2_amd64.deb
      Size/MD5:    17264 e3b592579a57f3a9b38755f5ccbf73dc
    http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kommander_3.4.0-0ubuntu2.2_amd64.deb
      Size/MD5:  1273682 d74bf73034c8466fa2e6e5349fd1883f
    http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kxsldbg_3.4.0-0ubuntu2.2_amd64.deb
      Size/MD5:   612816 49cf9a1a50feb57d41ee8fad177783de
    http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/quanta_3.4.0-0ubuntu2.2_amd64.deb
      Size/MD5:  2303362 06d52ac9c6950e823f024462c672d9f8

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kfilereplace_3.4.0-0ubuntu2.2_i386.deb
      Size/MD5:   621532 7a39076580bd640fd3eb03272a45e86d
    http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kimagemapeditor_3.4.0-0ubuntu2.2_i386.deb
      Size/MD5:   303930 0bfb95c32d38b92d40970e4777870a38
    http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/klinkstatus_3.4.0-0ubuntu2.2_i386.deb
      Size/MD5:   244456 66bd475678215a77ddf4bc8836d43386
    http://security.ubuntu.com/ubuntu/pool/universe/k/kdewebdev/kommander-dev_3.4.0-0ubuntu2.2_i386.deb
      Size/MD5:    17278 11edfa83396992ef6f40b2599217d649
    http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kommander_3.4.0-0ubuntu2.2_i386.deb
      Size/MD5:  1186942 0851867caf4b8ef2484bd1e52d0b4602
    http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kxsldbg_3.4.0-0ubuntu2.2_i386.deb
      Size/MD5:   585286 bf3a98696e5e23b7fb0cb3c3feb0ee94
    http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/quanta_3.4.0-0ubuntu2.2_i386.deb
      Size/MD5:  2245404 cbca7afe4b85ef7954dfd03400c48a48

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kfilereplace_3.4.0-0ubuntu2.2_powerpc.deb
      Size/MD5:   621254 5877b724876958b7f09751363a333692
    http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kimagemapeditor_3.4.0-0ubuntu2.2_powerpc.deb
      Size/MD5:   295570 ff0c924ae08e790cbd549cf7cc39a5c4
    http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/klinkstatus_3.4.0-0ubuntu2.2_powerpc.deb
      Size/MD5:   245248 3a5540697b21cdff954e2a4480fdb37b
    http://security.ubuntu.com/ubuntu/pool/universe/k/kdewebdev/kommander-dev_3.4.0-0ubuntu2.2_powerpc.deb
      Size/MD5:    17270 2a07e2649555b97ede553fbc87f9ed39
    http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kommander_3.4.0-0ubuntu2.2_powerpc.deb
      Size/MD5:  1191350 fdf63a65144291d03f25ed4db54e292f
    http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/kxsldbg_3.4.0-0ubuntu2.2_powerpc.deb
      Size/MD5:   583446 87189bdf29e9d71e8cb8efdd660482b9
    http://security.ubuntu.com/ubuntu/pool/main/k/kdewebdev/quanta_3.4.0-0ubuntu2.2_powerpc.deb
      Size/MD5:  2174200 143110597047409de76a0b6266ee2e23
