Message-Id: <1228429745.352.9.camel@mdlinux.technorage.com>
Date: Thu, 04 Dec 2008 17:29:05 -0500
From: Marc Deslauriers <marc.deslauriers@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk,
	"bugtraq@...urityfocus.com" <bugtraq@...urityfocus.com>
Subject: [USN-687-1] nfs-utils vulnerability

===========================================================
Ubuntu Security Notice USN-687-1          December 04, 2008
nfs-utils vulnerability
CVE-2008-4552
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  nfs-kernel-server               1:1.0.7-3ubuntu2.1

Ubuntu 7.10:
  nfs-kernel-server               1:1.1.1~git-20070709-3ubuntu1.1

Ubuntu 8.04 LTS:
  nfs-kernel-server               1:1.1.2-2ubuntu2.2

Ubuntu 8.10:
  nfs-kernel-server               1:1.1.2-4ubuntu1.1

After a standard system upgrade you need to restart nfs services to effect
the necessary changes.

Details follow:

It was discovered that nfs-utils did not properly enforce netgroup
restrictions when using TCP Wrappers. Remote attackers could bypass the
netgroup restrictions enabled by the administrator and possibly gain
access to sensitive information.

