lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050907064016.GA9207@piware.de>
Date: Wed, 7 Sep 2005 08:40:16 +0200
From: Martin Pitt <martin.pitt@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-176-1] kcheckpass vulnerability

===========================================================
Ubuntu Security Notice USN-176-1         September 07, 2005
kdebase vulnerability
CAN-2005-2494
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

kdebase-bin

The problem can be corrected by upgrading the affected package to
version 4:3.4.0-0ubuntu18.1.  In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Ilja van Sprundel discovered a flaw in the lock file handling of
kcheckpass. A local attacker could exploit this to execute arbitrary
code with root privileges.


  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase_3.4.0-0ubuntu18.1.diff.gz
      Size/MD5:   189597 ef9b4ad4f1e4340a2ecdaad471670b63
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase_3.4.0-0ubuntu18.1.dsc
      Size/MD5:     1622 2a0d3a6c1e146f5b54b5e7a20bf58cea
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase_3.4.0.orig.tar.gz
      Size/MD5: 26947670 31334d21606078a1f1eab1c3a25317e9

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase-data_3.4.0-0ubuntu18.1_all.deb
      Size/MD5:  4608912 0113ee173e4da0e4d3c233c4288ec667
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase-doc_3.4.0-0ubuntu18.1_all.deb
      Size/MD5:  1084404 5715fca77f5f4224c63f78cb1e1b418d
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase_3.4.0-0ubuntu18.1_all.deb
      Size/MD5:    22020 a5cbdaa9f938a786b3cd74a6396d5e20
    http://security.ubuntu.com/ubuntu/pool/universe/k/kdebase/xfonts-konsole_3.4.0-0ubuntu18.1_all.deb
      Size/MD5:    37918 0440a29214683017d1548827d23216ef

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kappfinder_3.4.0-0ubuntu18.1_amd64.deb
      Size/MD5:   245308 3ada910e36591419d1f0ba38a232817f
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kate_3.4.0-0ubuntu18.1_amd64.deb
      Size/MD5:   654580 3cecf0faa5052101ae9b78cdd419c506
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kcontrol_3.4.0-0ubuntu18.1_amd64.deb
      Size/MD5:  7957406 298659794585e115ea77e95145b93d13
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase-bin_3.4.0-0ubuntu18.1_amd64.deb
      Size/MD5:  1152760 04be6e4170365ee880e3c4e8ec72de78
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase-dev_3.4.0-0ubuntu18.1_amd64.deb
      Size/MD5:    60926 4e17272ffd172817699f091f1ba0ef1f
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase-kio-plugins_3.4.0-0ubuntu18.1_amd64.deb
      Size/MD5:   807684 973dfa2562de81a394d58b5c500998ab
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdepasswd_3.4.0-0ubuntu18.1_amd64.deb
      Size/MD5:   227036 e8df4158d5c12c4f6002a8025244fc62
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdeprint_3.4.0-0ubuntu18.1_amd64.deb
      Size/MD5:  1100276 bb6d55387499b8a346a851670dfd93c4
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdesktop_3.4.0-0ubuntu18.1_amd64.deb
      Size/MD5:   739976 312fb8213a0d25275fdac66bd048b2e1
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdm_3.4.0-0ubuntu18.1_amd64.deb
      Size/MD5:   670860 ac2219d79ad555f1099657708f2eb1c4
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kfind_3.4.0-0ubuntu18.1_amd64.deb
      Size/MD5:   185742 b072ff11f1270bcac9d9f207ae4c5cf5
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/khelpcenter_3.4.0-0ubuntu18.1_amd64.deb
      Size/MD5:  1784494 ddc8fafc29b6b807eebdd382b5160318
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kicker_3.4.0-0ubuntu18.1_amd64.deb
      Size/MD5:  1805694 10da13879440693317057681f8bb684e
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/klipper_3.4.0-0ubuntu18.1_amd64.deb
      Size/MD5:   245018 eadf78db296c0129e13fadec01881a0b
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kmenuedit_3.4.0-0ubuntu18.1_amd64.deb
      Size/MD5:   206766 f7bf70a03730ddebc1563ba840b5fe3b
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/konqueror-nsplugins_3.4.0-0ubuntu18.1_amd64.deb
      Size/MD5:   135228 1660abe0a875b18ec26adcb3caec13c1
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/konqueror_3.4.0-0ubuntu18.1_amd64.deb
      Size/MD5:  2081982 911b6550bef1e7bc5bff918061d3a9c2
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/konsole_3.4.0-0ubuntu18.1_amd64.deb
      Size/MD5:   596520 8b2805d0f76e45f08103f43674ed1f55
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kpager_3.4.0-0ubuntu18.1_amd64.deb
      Size/MD5:   100464 008c6c9414412a5641a2bae5a64c2890
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kpersonalizer_3.4.0-0ubuntu18.1_amd64.deb
      Size/MD5:   473208 148899c8aef9076a3287675d93dadb61
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/ksmserver_3.4.0-0ubuntu18.1_amd64.deb
      Size/MD5:   141976 eaa0af4be4cb4727ed5854df7232db57
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/ksplash_3.4.0-0ubuntu18.1_amd64.deb
      Size/MD5:   810978 117ba62ec5d6d5c3cdd6323ef1e7fea8
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/ksysguard_3.4.0-0ubuntu18.1_amd64.deb
      Size/MD5:   490268 e818c40bca8b27f7a3224ba3b7eaedd5
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/ksysguardd_3.4.0-0ubuntu18.1_amd64.deb
      Size/MD5:    56574 cb547d5e454dce4a4ca331d46767113e
    http://security.ubuntu.com/ubuntu/pool/universe/k/kdebase/ktip_3.4.0-0ubuntu18.1_amd64.deb
      Size/MD5:    80366 7dd62d3608942e013539a232f791fa4e
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kwin_3.4.0-0ubuntu18.1_amd64.deb
      Size/MD5:  1013698 b164b1536692f0da325cd5f8e1f465b5
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/libkonq4-dev_3.4.0-0ubuntu18.1_amd64.deb
      Size/MD5:    48506 27836a23f9ace627a9fa8b15b4b2222a
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/libkonq4_3.4.0-0ubuntu18.1_amd64.deb
      Size/MD5:   261854 3fca1d953eafbbbf6b34d8640182c78f

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kappfinder_3.4.0-0ubuntu18.1_i386.deb
      Size/MD5:   243636 918ec94ab285f5d657984473124a62d4
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kate_3.4.0-0ubuntu18.1_i386.deb
      Size/MD5:   630558 95cadd77d3c3205f365a7e94a22aaa39
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kcontrol_3.4.0-0ubuntu18.1_i386.deb
      Size/MD5:  7786958 40bad975b2e41a97e1acbf69aa730fb5
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase-bin_3.4.0-0ubuntu18.1_i386.deb
      Size/MD5:  1071180 6378932ae74ee615b79c031e8f304cc1
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase-dev_3.4.0-0ubuntu18.1_i386.deb
      Size/MD5:    60946 575260572e38319d0834d927a23e6b45
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase-kio-plugins_3.4.0-0ubuntu18.1_i386.deb
      Size/MD5:   738706 3fb9a5273ae5c9eecf604a57e7339413
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdepasswd_3.4.0-0ubuntu18.1_i386.deb
      Size/MD5:   222460 4a3d47678b68de18ea89364f4ca92af5
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdeprint_3.4.0-0ubuntu18.1_i386.deb
      Size/MD5:  1085444 0a1e0f0c45634f96bbc715a0edc229ff
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdesktop_3.4.0-0ubuntu18.1_i386.deb
      Size/MD5:   717412 b02564f2d21bc57cd717b7d283802c7d
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdm_3.4.0-0ubuntu18.1_i386.deb
      Size/MD5:   634514 eab29e7535d683ee2b220e1311cf124f
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kfind_3.4.0-0ubuntu18.1_i386.deb
      Size/MD5:   175986 1fa716a00f654cc00647b03cb1ce3ffd
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/khelpcenter_3.4.0-0ubuntu18.1_i386.deb
      Size/MD5:  1769482 a8aaaed37eb92c8dd02e6481bb69a65b
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kicker_3.4.0-0ubuntu18.1_i386.deb
      Size/MD5:  1692040 71055e6b7d3a5076bbcf6331bd3db5c0
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/klipper_3.4.0-0ubuntu18.1_i386.deb
      Size/MD5:   230744 8b20452027172dffc46db7a1806e1e46
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kmenuedit_3.4.0-0ubuntu18.1_i386.deb
      Size/MD5:   198292 a5d990fe9d103db4b57f9a037542e243
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/konqueror-nsplugins_3.4.0-0ubuntu18.1_i386.deb
      Size/MD5:   123954 7f107b6af937beba00545d430c985da0
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/konqueror_3.4.0-0ubuntu18.1_i386.deb
      Size/MD5:  2008614 66e6f0df925157f643f8dd1eddec39cc
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/konsole_3.4.0-0ubuntu18.1_i386.deb
      Size/MD5:   570722 0ffb5270fb29e8f988710b5a8f98a19e
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kpager_3.4.0-0ubuntu18.1_i386.deb
      Size/MD5:    95632 06b90b69388a175e3171ef209bfd527c
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kpersonalizer_3.4.0-0ubuntu18.1_i386.deb
      Size/MD5:   465656 b8f70ffc77bcab68810eab048f868b41
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/ksmserver_3.4.0-0ubuntu18.1_i386.deb
      Size/MD5:   137194 056c28e0e755df262f2ce8ffcf0c1087
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/ksplash_3.4.0-0ubuntu18.1_i386.deb
      Size/MD5:   799634 442a641c3300bab664ed57f1d2bc236f
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/ksysguard_3.4.0-0ubuntu18.1_i386.deb
      Size/MD5:   464888 499d51f7f6d354f2e0f48f0e39456ce9
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/ksysguardd_3.4.0-0ubuntu18.1_i386.deb
      Size/MD5:    49706 d20e7d609588e5eeed182199ecfa7be8
    http://security.ubuntu.com/ubuntu/pool/universe/k/kdebase/ktip_3.4.0-0ubuntu18.1_i386.deb
      Size/MD5:    79964 e6ac80c11b310b2c5a2e6669246b87c5
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kwin_3.4.0-0ubuntu18.1_i386.deb
      Size/MD5:   959566 eef18f77ec369d6e485c6bfb78b14743
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/libkonq4-dev_3.4.0-0ubuntu18.1_i386.deb
      Size/MD5:    48512 db47172170a5c677303871d536b383ce
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/libkonq4_3.4.0-0ubuntu18.1_i386.deb
      Size/MD5:   248620 98417644f71673543c811d88ad0788a1

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kappfinder_3.4.0-0ubuntu18.1_powerpc.deb
      Size/MD5:   244436 af64c35adf77542c865dd6abf31fb90f
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kate_3.4.0-0ubuntu18.1_powerpc.deb
      Size/MD5:   631810 b0301b8f7e21534c137bba669cd9a7f2
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kcontrol_3.4.0-0ubuntu18.1_powerpc.deb
      Size/MD5:  7804952 06f0fb4e4808c64983d642c046fa4061
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase-bin_3.4.0-0ubuntu18.1_powerpc.deb
      Size/MD5:  1079800 3e543998c714a4d051de93f9faf4eb36
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase-dev_3.4.0-0ubuntu18.1_powerpc.deb
      Size/MD5:    60946 696585e41ac93cf47764f3b238c61f42
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdebase-kio-plugins_3.4.0-0ubuntu18.1_powerpc.deb
      Size/MD5:   799872 f22ae65da25b42068c83e14e85060491
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdepasswd_3.4.0-0ubuntu18.1_powerpc.deb
      Size/MD5:   223102 c18044dc5efb93b4c3373f3eea2b60d4
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdeprint_3.4.0-0ubuntu18.1_powerpc.deb
      Size/MD5:  1098416 01e580d3040f9b8ec7b62ab680d351a2
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdesktop_3.4.0-0ubuntu18.1_powerpc.deb
      Size/MD5:   718630 5c555007dc2f98ee828b59cef2b60577
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kdm_3.4.0-0ubuntu18.1_powerpc.deb
      Size/MD5:   653004 96b6f37ea5a827658eeb951621f1f579
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kfind_3.4.0-0ubuntu18.1_powerpc.deb
      Size/MD5:   170902 a6ed6227ccc3cf259658b5da266744eb
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/khelpcenter_3.4.0-0ubuntu18.1_powerpc.deb
      Size/MD5:  1771324 1c53b10d7006d24951a80453fb94f293
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kicker_3.4.0-0ubuntu18.1_powerpc.deb
      Size/MD5:  1717592 2f35ec7c11c15081c1fc9ce1762da732
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/klipper_3.4.0-0ubuntu18.1_powerpc.deb
      Size/MD5:   231854 7e638541d6544f57f923f6ccc0f80897
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kmenuedit_3.4.0-0ubuntu18.1_powerpc.deb
      Size/MD5:   200714 9c8dd3fa405e452074bea38f9b31c00a
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/konqueror-nsplugins_3.4.0-0ubuntu18.1_powerpc.deb
      Size/MD5:   131298 78fae495e8309207e57f4f46306ecf0a
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/konqueror_3.4.0-0ubuntu18.1_powerpc.deb
      Size/MD5:  2012516 fb153ce573d97b857a08dc58fa7e9c59
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/konsole_3.4.0-0ubuntu18.1_powerpc.deb
      Size/MD5:   564162 8e5de803fe86874cc33d212baae87179
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kpager_3.4.0-0ubuntu18.1_powerpc.deb
      Size/MD5:    96374 aa97874b91518d8d66308a50b3dc201c
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kpersonalizer_3.4.0-0ubuntu18.1_powerpc.deb
      Size/MD5:   467124 68c31feb7dd8a26de7bb075b9a0d1b0c
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/ksmserver_3.4.0-0ubuntu18.1_powerpc.deb
      Size/MD5:   139774 489baff2db71e52ceb1ed5e827802530
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/ksplash_3.4.0-0ubuntu18.1_powerpc.deb
      Size/MD5:   805526 e012ddec4b5f914f58c2f9f031de34e4
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/ksysguard_3.4.0-0ubuntu18.1_powerpc.deb
      Size/MD5:   446210 6f04d174490eb50b51d8352467596496
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/ksysguardd_3.4.0-0ubuntu18.1_powerpc.deb
      Size/MD5:    56470 cc93080f937f6151a9c801f3a1244446
    http://security.ubuntu.com/ubuntu/pool/universe/k/kdebase/ktip_3.4.0-0ubuntu18.1_powerpc.deb
      Size/MD5:    81600 d8dd62440835ce0e6e0383d61748e289
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/kwin_3.4.0-0ubuntu18.1_powerpc.deb
      Size/MD5:   970236 d9dfc1fa308154205287135a05a488e1
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/libkonq4-dev_3.4.0-0ubuntu18.1_powerpc.deb
      Size/MD5:    48520 2d30de2144632620bfa64071e33d3632
    http://security.ubuntu.com/ubuntu/pool/main/k/kdebase/libkonq4_3.4.0-0ubuntu18.1_powerpc.deb
      Size/MD5:   244346 5d20d126639357d0008a9d08165d056b

Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ