Message-ID: <20071022183658.GE7963@outflux.net>
Date: Mon, 22 Oct 2007 11:36:58 -0700
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-533-1] util-linux vulnerability

=========================================================== 
Ubuntu Security Notice USN-533-1           October 22, 2007
util-linux vulnerability
CVE-2007-5191
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  mount                           2.12r-4ubuntu6.1

Ubuntu 6.10:
  mount                           2.12r-11ubuntu2.1

Ubuntu 7.04:
  mount                           2.12r-17ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Ludwig Nussel discovered that mount and umount did not properly
drop privileges when using helper programs. Local attackers may be
able to bypass security restrictions and gain root privileges using
programs such as mount.nfs or mount.cifs.
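
The advisory gives no code, so the following is an added example (not taken from util-linux or from this notice) of the general pattern a setuid-root program can use to give up root before running a helper on the invoking user's behalf. The names drop_to_invoker and run_helper and the fixed PATH value are assumptions made for the illustration.

```c
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently switch to the invoking user's real uid/gid.
 * Returns 0 on success, -1 on any failure (hypothetical helper). */
int drop_to_invoker(void)
{
    uid_t uid = getuid();
    gid_t gid = getgid();

    /* Group before user: once root is given up, the process may no
     * longer be allowed to change its group IDs. */
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* Verify the result instead of trusting the calls. */
    if (geteuid() != uid || getegid() != gid)
        return -1;
    /* An unprivileged user must not be able to get root back. */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
        return -1;
    return 0;
}

/* Fork, drop privileges in the child, then exec the helper with a fixed
 * environment. Returns the helper's exit status, or -1 on error. */
int run_helper(const char *path, char *const argv[])
{
    char *const envp[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL };
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_to_invoker() != 0)
            _exit(126);          /* never exec with leftover privileges */
        execve(path, argv, envp);
        _exit(127);              /* exec itself failed */
    }
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

Every return value is checked, and the child exits rather than running the helper if the drop cannot be confirmed.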


Updated packages for Ubuntu 6.06 LTS:


Updated packages for Ubuntu 6.10:


Updated packages for Ubuntu 7.04:
