lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20100726215050.GM3948@outflux.net>
Date: Mon, 26 Jul 2010 14:50:50 -0700
From: Kees Cook <kees@...ntu.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-964-1] Likewise Open vulnerability

===========================================================
Ubuntu Security Notice USN-964-1              July 26, 2010
likewise-open vulnerability
CVE-2010-0833
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.04 LTS:
  likewise-open5-lsass            5.4.0.42111-2ubuntu1.1

In general, a standard system update will make all the necessary changes.

Details follow:

Matt Weatherford discovered that Likewise Open did not correctly check
password expiration for the local-provider account. A local attacker could
exploit this to log into a system they would otherwise not have access to.


Updated packages for Ubuntu 10.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/l/likewise-open/likewise-open_5.4.0.42111-2ubuntu1.1.diff.gz
      Size/MD5:    64682 09043b593e04adc1f60c26ee4aac035f
    http://security.ubuntu.com/ubuntu/pool/main/l/likewise-open/likewise-open_5.4.0.42111-2ubuntu1.1.dsc
      Size/MD5:     1650 913ed2043149368e67f37176af506983
    http://security.ubuntu.com/ubuntu/pool/main/l/likewise-open/likewise-open_5.4.0.42111.orig.tar.gz
      Size/MD5: 18092080 19620caa003a2b5d72333a89bf1374f2

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/universe/l/likewise-open/likewise-open5-eventlog_5.4.0.42111-2ubuntu1.1_all.deb
      Size/MD5:     5432 126299fab12e2a631fdbcd879d18d9a2
    http://security.ubuntu.com/ubuntu/pool/universe/l/likewise-open/likewise-open5-gui_5.4.0.42111-2ubuntu1.1_all.deb
      Size/MD5:     5434 184ce2cfb71e33b062b005c3added5fc
    http://security.ubuntu.com/ubuntu/pool/universe/l/likewise-open/likewise-open5-libs_5.4.0.42111-2ubuntu1.1_all.deb
      Size/MD5:     5426 3882a89c4577500193c3eed5b60f8c61
    http://security.ubuntu.com/ubuntu/pool/universe/l/likewise-open/likewise-open5-lsass_5.4.0.42111-2ubuntu1.1_all.deb
      Size/MD5:     5910 e5f8be95ca537152ab2d611b2de08a5e
    http://security.ubuntu.com/ubuntu/pool/universe/l/likewise-open/likewise-open5-netlogon_5.4.0.42111-2ubuntu1.1_all.deb
      Size/MD5:     5434 8cf6d0ca5eeaed3a2530169e44643d6f
    http://security.ubuntu.com/ubuntu/pool/universe/l/likewise-open/likewise-open5-rpc_5.4.0.42111-2ubuntu1.1_all.deb
      Size/MD5:     5428 3a714728838b1b6590651a5f2b2dd518
    http://security.ubuntu.com/ubuntu/pool/universe/l/likewise-open/likewise-open5_5.4.0.42111-2ubuntu1.1_all.deb
      Size/MD5:     5416 188d15058d353ec27eb87c34db3538ea

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/l/likewise-open/likewise-open_5.4.0.42111-2ubuntu1.1_amd64.deb
      Size/MD5:  3098090 f49a7680210d397aaced4bacbdd9db5a
    http://security.ubuntu.com/ubuntu/pool/universe/l/likewise-open/likewise-open-gui_5.4.0.42111-2ubuntu1.1_amd64.deb
      Size/MD5:    29126 0e66013d093e6aeed2cdc3aab16f0e58
    http://security.ubuntu.com/ubuntu/pool/universe/l/likewise-open/likewise-open-server_5.4.0.42111-2ubuntu1.1_amd64.deb
      Size/MD5:   561242 33655392df31fa10cf8fd1231d2c4f68

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/l/likewise-open/likewise-open_5.4.0.42111-2ubuntu1.1_i386.deb
      Size/MD5:  2677246 7a51f8ce10251dc3e1b0cb009b34728d
    http://security.ubuntu.com/ubuntu/pool/universe/l/likewise-open/likewise-open-gui_5.4.0.42111-2ubuntu1.1_i386.deb
      Size/MD5:    28174 84bf824b7c53ea8b06ff0cc2f28e01b6
    http://security.ubuntu.com/ubuntu/pool/universe/l/likewise-open/likewise-open-server_5.4.0.42111-2ubuntu1.1_i386.deb
      Size/MD5:   480228 dec653ec0f5c4595a437ba59c9ec817c


Download attachment "signature.asc" of type "application/pgp-signature" (237 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ