
Security

SSH plaintext recovery vulnerability

By Jake Edge
November 19, 2008

A somewhat mysterious SSH vulnerability has been reported in a way that unfortunately looks a bit like partial disclosure. In this case, though, there is a workaround that is supposed to alleviate the problem, so there are good reasons—as opposed to publicity-oriented reasons—to announce the flaw. While it is difficult to exploit, it does expose up to 32 bits of plaintext from within an SSH session, which is a rather worrisome failure mode.

The flaw has only been confirmed in OpenSSH 4.7p1, but the announcement indicates that it is likely to be much more widespread: "We expect any RFC-compliant SSH implementation to be vulnerable to some form of the attack." The flaw is in the design of SSH and can allow an attacker who has "control over the network"—presumably the ability to monitor and inject traffic—to recover 32 plaintext bits with a very low probability (2^-18). The bits recovered come from an attacker-selected block of ciphertext. The attack leads to the termination of the SSH connection, so iterative attacks will be difficult or impossible.

It is hard to get too worked up about that kind of attack, even with many of the details lacking, but typically these kinds of flaws can be expanded in various ways. The announcement mentions variants that recover 14 bits with a probability of 2^-14. It also carries the following warning: "The success probabilities for other implementations are unknown (but are potentially much higher)." It is a security tautology that vulnerabilities only get bigger over time, which we have seen in various contexts, notably in DNS cache poisoning flaws over the years.

Another bit of information provided by the Centre for the Protection of National Infrastructure (CPNI), the UK government agency that issued the advisory, is that the attack analyzes "the behaviour of the SSH connection when handling certain types of errors". This particular attack is also only applicable to the default cipher-block chaining (CBC) mode, so switching to counter (CTR) mode works around the flaw.

OpenSSH supports the use of AES in CTR mode, which is what the advisory recommends using:

A switch to AES in counter mode could most easily be enforced by limiting which encryption algorithms are offered during the ciphersuite negotiation that takes place as part of the SSH key exchange (see RFC 4253, Section 7.1).
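
As an added illustration (not code from the advisory, from OpenSSH, or from this article): a small Python parser for the SSH_MSG_KEXINIT payload defined in RFC 4253, Section 7.1, that reports which CBC-mode ciphers an endpoint still offers during negotiation. The sample packets are constructed, and the function names are this example's own.

```python
import struct

SSH_MSG_KEXINIT = 20
# The ten name-lists of SSH_MSG_KEXINIT, in wire order (RFC 4253, Section 7.1).
KEXINIT_FIELDS = (
    "kex_algorithms", "server_host_key_algorithms",
    "encryption_algorithms_client_to_server",
    "encryption_algorithms_server_to_client",
    "mac_algorithms_client_to_server", "mac_algorithms_server_to_client",
    "compression_algorithms_client_to_server",
    "compression_algorithms_server_to_client",
    "languages_client_to_server", "languages_server_to_client",
)


def parse_kexinit(payload: bytes) -> dict:
    """Parse an SSH_MSG_KEXINIT payload into {field: [algorithm names]}."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    offset = 17  # 1-byte message number + 16-byte random cookie
    lists = {}
    for field in KEXINIT_FIELDS:
        if offset + 4 > len(payload):
            raise ValueError(f"truncated before {field}")
        (length,) = struct.unpack_from(">I", payload, offset)
        offset += 4
        if offset + length > len(payload):
            raise ValueError(f"name-list {field} overruns the payload")
        raw = payload[offset:offset + length].decode("ascii")
        lists[field] = raw.split(",") if raw else []
        offset += length
    # boolean first_kex_packet_follows + uint32 reserved must still follow
    if offset + 5 > len(payload):
        raise ValueError("truncated after the name-lists")
    return lists


def cbc_ciphers_offered(lists: dict) -> dict:
    """Return the CBC-mode ciphers offered in each direction.

    Names may carry an @domain suffix (vendor extensions), so only the
    part before '@' is checked for the '-cbc' mode suffix.
    """
    return {
        field: [n for n in lists[field] if n.split("@")[0].endswith("-cbc")]
        for field in KEXINIT_FIELDS[2:4]
    }


def build_kexinit(ciphers: list) -> bytes:
    """Constructed sample: a KEXINIT offering `ciphers` in both directions."""
    def name_list(names):
        data = ",".join(names).encode("ascii")
        return struct.pack(">I", len(data)) + data
    values = [["diffie-hellman-group14-sha1"], ["ssh-rsa"], ciphers, ciphers,
              ["hmac-sha1"], ["hmac-sha1"], ["none"], ["none"], [], []]
    body = b"".join(name_list(v) for v in values)
    return bytes([SSH_MSG_KEXINIT]) + bytes(16) + body + b"\x00" + bytes(4)


if __name__ == "__main__":
    offers = {"mixed": ["aes128-cbc", "3des-cbc", "aes128-ctr"],
              "ctr-only": ["aes128-ctr", "aes192-ctr", "aes256-ctr"]}
    for label, ciphers in offers.items():
        print(label, cbc_ciphers_offered(parse_kexinit(build_kexinit(ciphers))))
```

With OpenSSH, a `Ciphers aes128-ctr,aes192-ctr,aes256-ctr` line in sshd_config or ssh_config produces the CTR-only offer, for which the check returns empty lists in both directions.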

There is quite a bit of information in the advisory that might lead a determined attacker in the "right" direction. It might also provide enough for someone to come up with attacks that are more probable and/or reveal more plaintext. So far, the Internet Storm Center is reporting that they have not seen any evidence that the flaw is being exploited in the wild.

OpenSSH has not, as yet, addressed the issue, at least on their security page. At least in its current form, there is probably very little to worry about from this flaw, but very security-conscious SSH users will want to apply the workaround.


New vulnerabilities

clamav: arbitrary code execution

Package(s): clamav
CVE #(s): CVE-2008-5050
Created: November 17, 2008
Updated: December 24, 2008
Description:

From the Mandriva advisory:

An off-by-one error was found in ClamAV versions prior to 0.94.1 that could allow remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted VBA project file (CVE-2008-5050).

Alerts:
Gentoo 200812-21 clamav 2008-12-23
Debian DSA-1680-1 clamav 2008-12-04
SuSE SUSE-SR:2008:026 libxml2, phpMyAdmin, lighttpd, OpenOffice_org, imp, clamav, acroread, htop, cups 2008-11-24
Ubuntu USN-672-1 clamav 2008-11-17
Mandriva MDVSA-2008:229 clamav 2008-11-14


cobbler: arbitrary code execution

Package(s): cobbler
CVE #(s):
Created: November 19, 2008
Updated: November 24, 2008
Description:

From the Fedora advisory:

Fixes a security vulnerability where a CobblerWeb user (if so configured) can import a Python module via a web-edited Cheetah template and run commands as root.

Alerts:
Fedora FEDORA-2008-10000 cobbler 2008-11-22
Fedora FEDORA-2008-9745 cobbler 2008-11-19
Fedora FEDORA-2008-9723 cobbler 2008-11-19


firefox: policy bypass

Package(s): Mozilla, firefox, seamonkey
CVE #(s): CVE-2008-4582
Created: November 14, 2008
Updated: January 8, 2009
Description: From the CVE entry: Mozilla Firefox 3.0.1 through 3.0.3 on Windows does not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via an HTML document that is directly accessible through a filesystem, as demonstrated by documents in (1) local folders, (2) Windows share folders, and (3) RAR archives, and as demonstrated by IFRAMEs referencing shortcuts that point to (a) about:cache?device=memory and (b) about:cache?device=disk, a variant of CVE-2008-2810.
Alerts:
Gentoo 201301-01 firefox 2013-01-07
Slackware SSA:2008-366-01 mozilla 2009-01-02
Debian DSA-1671-1 iceweasel 2008-11-24
Debian DSA-1669-1 xulrunner 2008-11-23
Ubuntu USN-667-1 firefox, firefox-3.0, xulrunner-1.9 2008-11-17
Fedora FEDORA-2008-9667 devhelp 2008-11-14
Fedora FEDORA-2008-9669 devhelp 2008-11-14
Fedora FEDORA-2008-9667 epiphany 2008-11-14
Fedora FEDORA-2008-9669 epiphany 2008-11-14
Fedora FEDORA-2008-9667 chmsee 2008-11-14
Fedora FEDORA-2008-9667 openvrml 2008-11-14
Debian DSA-1697-1 iceape 2009-01-07
Fedora FEDORA-2008-9667 cairo-dock 2008-11-14
Fedora FEDORA-2008-9669 cairo-dock 2008-11-14
Fedora FEDORA-2008-9669 chmsee 2008-11-14
Fedora FEDORA-2008-9667 firefox 2008-11-14
Fedora FEDORA-2008-9669 firefox 2008-11-14
Fedora FEDORA-2008-9667 blam 2008-11-14
Fedora FEDORA-2008-9667 evolution-rss 2008-11-14
Fedora FEDORA-2008-9669 evolution-rss 2008-11-14
Fedora FEDORA-2008-9667 gnome-web-photo 2008-11-14
Fedora FEDORA-2008-9669 gnome-web-photo 2008-11-14
Fedora FEDORA-2008-9667 galeon 2008-11-14
Fedora FEDORA-2008-9669 galeon 2008-11-14
Fedora FEDORA-2008-9667 gnome-python2-extras 2008-11-14
Fedora FEDORA-2008-9669 gnome-python2-extras 2008-11-14
Fedora FEDORA-2008-9667 liferea 2008-11-14
Fedora FEDORA-2008-9667 yelp 2008-11-14
Fedora FEDORA-2008-9669 yelp 2008-11-14
Fedora FEDORA-2008-9667 ruby-gnome2 2008-11-14
Fedora FEDORA-2008-9669 ruby-gnome2 2008-11-14
Fedora FEDORA-2008-9667 kazehakase 2008-11-14
Fedora FEDORA-2008-9669 kazehakase 2008-11-14
Fedora FEDORA-2008-9667 Miro 2008-11-14
Fedora FEDORA-2008-9669 Miro 2008-11-14
Fedora FEDORA-2008-9667 seamonkey 2008-11-14
Fedora FEDORA-2008-9669 seamonkey 2008-11-14
Fedora FEDORA-2008-9669 xulrunner 2008-11-14
Fedora FEDORA-2008-9669 gtkmozembedmm 2008-11-14
Fedora FEDORA-2008-9669 totem 2008-11-14
Fedora FEDORA-2008-9669 google-gadgets 2008-11-14
Fedora FEDORA-2008-9669 mugshot 2008-11-14
Fedora FEDORA-2008-9669 mozvoikko 2008-11-14
Fedora FEDORA-2008-9669 epiphany-extensions 2008-11-14
Fedora FEDORA-2008-9667 epiphany-extensions 2008-11-14
Debian DSA-1696-1 icedove 2009-01-07


firefox: arbitrary code execution

Package(s): firefox
CVE #(s): CVE-2008-5015
Created: November 13, 2008
Updated: November 26, 2008
Description: Firefox has an arbitrary code execution vulnerability. From the Red Hat alert: A flaw was found in the way Firefox opened "file:" URIs. If a file: URI was loaded in the same tab as a chrome or privileged "about:" page, the file: URI could execute arbitrary code with the permissions of the user running Firefox.
Alerts:
Gentoo 201301-01 firefox 2013-01-07
SuSE SUSE-SA:2008:055 MozillaFirefox,MozillaThunderbird,seamonkey 2008-11-26
Mandriva MDVSA-2008:230 firefox 2008-11-17
Ubuntu USN-667-1 firefox, firefox-3.0, xulrunner-1.9 2008-11-17
CentOS CESA-2008:0978 firefox 2008-11-14
Fedora FEDORA-2008-9667 devhelp 2008-11-14
Fedora FEDORA-2008-9669 devhelp 2008-11-14
Fedora FEDORA-2008-9667 epiphany 2008-11-14
Fedora FEDORA-2008-9669 epiphany 2008-11-14
Fedora FEDORA-2008-9667 cairo-dock 2008-11-14
Fedora FEDORA-2008-9669 evolution-rss 2008-11-14
Fedora FEDORA-2008-9669 cairo-dock 2008-11-14
Fedora FEDORA-2008-9667 chmsee 2008-11-14
Fedora FEDORA-2008-9669 chmsee 2008-11-14
Fedora FEDORA-2008-9667 firefox 2008-11-14
Fedora FEDORA-2008-9669 firefox 2008-11-14
Fedora FEDORA-2008-9667 blam 2008-11-14
Fedora FEDORA-2008-9667 evolution-rss 2008-11-14
Fedora FEDORA-2008-9667 gnome-web-photo 2008-11-14
Fedora FEDORA-2008-9669 gnome-web-photo 2008-11-14
Fedora FEDORA-2008-9667 galeon 2008-11-14
Fedora FEDORA-2008-9669 galeon 2008-11-14
Fedora FEDORA-2008-9667 gnome-python2-extras 2008-11-14
Fedora FEDORA-2008-9669 gnome-python2-extras 2008-11-14
Fedora FEDORA-2008-9667 liferea 2008-11-14
Fedora FEDORA-2008-9667 yelp 2008-11-14
Fedora FEDORA-2008-9669 yelp 2008-11-14
Fedora FEDORA-2008-9667 openvrml 2008-11-14
Fedora FEDORA-2008-9667 ruby-gnome2 2008-11-14
Fedora FEDORA-2008-9669 ruby-gnome2 2008-11-14
Fedora FEDORA-2008-9667 kazehakase 2008-11-14
Fedora FEDORA-2008-9669 kazehakase 2008-11-14
Fedora FEDORA-2008-9667 Miro 2008-11-14
Fedora FEDORA-2008-9669 Miro 2008-11-14
Fedora FEDORA-2008-9667 seamonkey 2008-11-14
Fedora FEDORA-2008-9669 seamonkey 2008-11-14
Fedora FEDORA-2008-9669 xulrunner 2008-11-14
Fedora FEDORA-2008-9669 gtkmozembedmm 2008-11-14
Fedora FEDORA-2008-9669 totem 2008-11-14
Fedora FEDORA-2008-9669 google-gadgets 2008-11-14
Fedora FEDORA-2008-9669 mugshot 2008-11-14
Fedora FEDORA-2008-9669 mozvoikko 2008-11-14
Fedora FEDORA-2008-9669 epiphany-extensions 2008-11-14
Fedora FEDORA-2008-9667 epiphany-extensions 2008-11-14
Red Hat RHSA-2008:0978-01 firefox 2008-11-12


geda-gnetlist: insecure tmp file usage

Package(s): geda-gnetlist
CVE #(s): CVE-2008-5148
Created: November 19, 2008
Updated: March 9, 2009
Description:

From the Red Hat bugzilla:

sch2eaglepos.sh in geda-gnetlist 1.4.0 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/##### temporary file.

Alerts:
Gentoo 200903-08 geda 2009-03-07
Fedora FEDORA-2008-10000 geda-gnetlist 2008-11-22
Fedora FEDORA-2008-9730 geda-gnetlist 2008-11-19
Fedora FEDORA-2008-9694 geda-gnetlist 2008-11-19


htop: process name sanitizing

Package(s): htop
CVE #(s): CVE-2008-5076
Created: November 19, 2008
Updated: November 25, 2008
Description:

From the Red Hat bugzilla:

htop 0.7 writes process names to a terminal without sanitizing non-printable characters, which might allow local users to hide processes, modify arbitrary files, or have unspecified other impact via a process name with "crazy control strings."

Alerts:
SuSE SUSE-SR:2008:026 libxml2, phpMyAdmin, lighttpd, OpenOffice_org, imp, clamav, acroread, htop, cups 2008-11-24
Fedora FEDORA-2008-9944 htop 2008-11-22
Fedora FEDORA-2008-9728 htop 2008-11-19
Fedora FEDORA-2008-9791 htop 2008-11-19


initscripts: denial of service

Package(s): initscripts
CVE #(s): CVE-2008-4832
Created: November 13, 2008
Updated: November 19, 2008
Description: initscripts has a denial of service vulnerability. From the rPath alert: Previous versions of the initscripts package are vulnerable to a Denial of Service attack in which a local user may cause arbitrary files to be deleted at next boot time by creating symlinks under various /var subdirectories.
Alerts:
rPath rPSA-2008-0318-1 initscripts 2008-11-12


libcdaudio: heap overflow

Package(s): libcdaudio
CVE #(s): CVE-2008-5030
Created: November 13, 2008
Updated: December 7, 2009
Description: libcdaudio has an arbitrary code execution vulnerability. From the Debian alert: It was discovered that a heap overflow in the CDDB retrieval code of libcdaudio, a library for controlling a CD-ROM when playing audio CDs, may result in the execution of arbitrary code.
Alerts:
Mandriva MDVSA-2008:233-1 libcdaudio 2008-12-07
Gentoo 200903-31 libcdaudio 2009-03-17
Mandriva MDVSA-2008:233 libcdaudio 2008-11-20
Debian DSA-1665-1 libcdaudio 2008-11-12


libxml2: multiple vulnerabilities

Package(s): libxml2
CVE #(s): CVE-2008-4225 CVE-2008-4226
Created: November 17, 2008
Updated: August 12, 2009
Description:

From the Red Hat advisory:

An integer overflow flaw causing a heap-based buffer overflow was found in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to crash or, possibly, execute arbitrary code. (CVE-2008-4226)

A denial of service flaw was discovered in the libxml2 XML parser. If an application linked against libxml2 processed untrusted, malformed XML content, it could cause the application to enter an infinite loop. (CVE-2008-4225)

Alerts:
Fedora FEDORA-2009-8491 libxml2 2009-08-11
Gentoo 200812-06 libxml2 2008-12-02
SuSE SUSE-SR:2008:026 libxml2, phpMyAdmin, lighttpd, OpenOffice_org, imp, clamav, acroread, htop, cups 2008-11-24
Fedora FEDORA-2008-10000 libxml2 2008-11-22
Slackware SSA:2008-324-01 libxml2 2008-11-20
Ubuntu USN-673-1 libxml2 2008-11-19
rPath rPSA-2008-0325-1 libxml2 2008-11-19
Mandriva MDVSA-2008:231 libxml2 2008-11-18
Fedora FEDORA-2008-9773 libxml2 2008-11-19
Fedora FEDORA-2008-9729 libxml2 2008-11-19
CentOS CESA-2008:0988 libxml2 2008-11-17
Debian DSA-1666-1 libxml2 2008-11-17
Red Hat RHSA-2008:0988-01 libxml2 2008-11-17
SuSE SUSE-SR:2009:001 ethereal/wireshark, mysql, imap, rsyslog, courier-authlib, nfs-utils, libxml2, python, jhead, git, samba, vinagre, opera 2009-01-12


mysql: denial of service

Package(s): mysql-dfsg-5.0
CVE #(s): CVE-2008-3963
Created: November 18, 2008
Updated: March 8, 2010
Description: From the Ubuntu advisory: It was discovered that MySQL did not handle empty bit-string literals properly. An attacker could exploit this problem and cause the MySQL server to crash, leading to a denial of service.
Alerts:
Ubuntu USN-1397-1 mysql-5.1, mysql-dfsg-5.0, mysql-dfsg-5.1 2012-03-12
Gentoo 201201-02 mysql 2012-01-05
rPath rPSA-2010-0014-1 mysql 2010-03-07
Mandriva MDVSA-2009:326 mysql 2009-12-07
CentOS CESA-2009:1289 mysql 2009-09-15
Red Hat RHSA-2009:1289-02 mysql 2009-09-02
Red Hat RHSA-2009:1067-01 Red Hat Application Stack 2009-05-26
Debian DSA-1783 mysql-dfsg-5.0 2009-04-29
Mandriva MDVSA-2009:094 mysql 2009-04-22
Ubuntu USN-671-1 mysql-dfsg-5.0 2008-11-17
SuSE SUSE-SR:2009:001 ethereal/wireshark, mysql, imap, rsyslog, courier-authlib, nfs-utils, libxml2, python, jhead, git, samba, vinagre, opera 2009-01-12


optipng: buffer overflow

Package(s): optipng
CVE #(s):
Created: November 13, 2008
Updated: December 2, 2008
Description: OptiPNG has a buffer overflow vulnerability. From the Fedora alert: A buffer overflow flaw has been found in the OptiPNG -- PNG image optimizer. This flaw is caused due to an boundary error in the BMP image reader, responsible for handling BMP images. Local unprivileged user could use this flaw to execu[t]e arbit[r]ary code via providing a specially crafted BMP image file to the optimizer.
Alerts:
Gentoo 200812-01 optipng 2008-12-02
Fedora FEDORA-2008-9633 optipng 2008-11-13
Fedora FEDORA-2008-9639 optipng 2008-11-13


php: safe_mode bypass

Package(s): php
CVE #(s): CVE-2008-2665 CVE-2008-2666
Created: November 17, 2008
Updated: March 3, 2009
Description:

From the Gentoo advisory:

Maksymilian Arciemowicz of SecurityReason Research reported that a design error in PHP's stream wrappers allows to circumvent safe_mode checks in several filesystem-related PHP functions (CVE-2008-2665, CVE-2008-2666).

Alerts:
rPath rPSA-2009-0035-1 php 2009-03-02
Slackware SSA:2008-339-01 php 2008-12-05
Gentoo 200811-05 php 2008-11-16


quassel: issue with CTCP handling

Package(s): quassel
CVE #(s):
Created: November 14, 2008
Updated: November 19, 2008
Description: From this Quassel blog entry: Well, looks like 0.3.0.2 was not the last 0.3.0 release after all. coekie found an issue with CTCP handling in Quassel Core that allows attackers to send arbitrary IRC messages on your behalf. This issue is present in all versions prior to 0.3.0.3 and Git older than October 26th (rev. d7a0381). This has been fixed in the quassel-0.3.0.3 release and also in Git and the nightly builds.
Alerts:
Fedora FEDORA-2008-9658 quassel 2008-11-14


seamonkey: multiple vulnerabilities

Package(s): seamonkey, firefox, thunderbird
CVE #(s): CVE-2008-0017 CVE-2008-5012 CVE-2008-5013 CVE-2008-5014 CVE-2008-5016 CVE-2008-5017 CVE-2008-5018 CVE-2008-5019 CVE-2008-5021 CVE-2008-5022 CVE-2008-5023 CVE-2008-5024
Created: November 13, 2008
Updated: January 8, 2009
Description: Seamonkey has multiple vulnerabilities. From the Red Hat alert:

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2008-0017, CVE-2008-5013, CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021)

Several flaws were found in the way malformed content was processed. A web site containing specially-crafted content could potentially trick a SeaMonkey user into surrendering sensitive information. (CVE-2008-5012, CVE-2008-5022, CVE-2008-5023, CVE-2008-5024)

Alerts:
openSUSE openSUSE-SU-2014:1100-1 Firefox 2014-09-09
Gentoo 201301-01 firefox 2013-01-07
Ubuntu USN-668-1 mozilla-thunderbird, thunderbird 2008-11-26
SuSE SUSE-SA:2008:055 MozillaFirefox,MozillaThunderbird,seamonkey 2008-11-26
Debian DSA-1671-1 iceweasel 2008-11-24
Slackware SSA:2008-325-01 thunderbird 2008-11-24
Mandriva MDVSA-2008:235 mozilla-thunderbird 2008-11-20
Fedora FEDORA-2008-9901 thunderbird 2008-11-22
Debian DSA-1669-1 xulrunner 2008-11-23
CentOS CESA-2008:0976 thunderbird 2008-11-23
Fedora FEDORA-2008-9859 thunderbird 2008-11-21
Fedora FEDORA-2008-9807 thunderbird 2008-11-21
Red Hat RHSA-2008:0976-01 thunderbird 2008-11-19
Mandriva MDVSA-2008:230 firefox 2008-11-17
Ubuntu USN-667-1 firefox, firefox-3.0, xulrunner-1.9 2008-11-17
Slackware SSA:2008-320-04 seamonkey 2008-11-17
Slackware SSA:2008-320-03 mozilla-firefox 2008-11-17
CentOS CESA-2008:0978 firefox 2008-11-14
Fedora FEDORA-2008-9667 devhelp 2008-11-14
Fedora FEDORA-2008-9669 devhelp 2008-11-14
Fedora FEDORA-2008-9667 epiphany 2008-11-14
Fedora FEDORA-2008-9669 epiphany 2008-11-14
Fedora FEDORA-2008-9667 blam 2008-11-14
Fedora FEDORA-2008-9667 cairo-dock 2008-11-14
Fedora FEDORA-2008-9669 cairo-dock 2008-11-14
Fedora FEDORA-2008-9667 chmsee 2008-11-14
Fedora FEDORA-2008-9669 chmsee 2008-11-14
Fedora FEDORA-2008-9667 firefox 2008-11-14
Fedora FEDORA-2008-9669 firefox 2008-11-14
Fedora FEDORA-2008-9667 evolution-rss 2008-11-14
Fedora FEDORA-2008-9669 evolution-rss 2008-11-14
Fedora FEDORA-2008-9667 gnome-web-photo 2008-11-14
Fedora FEDORA-2008-9669 gnome-web-photo 2008-11-14
Fedora FEDORA-2008-9667 galeon 2008-11-14
Fedora FEDORA-2008-9669 galeon 2008-11-14
Fedora FEDORA-2008-9667 gnome-python2-extras 2008-11-14
Fedora FEDORA-2008-9669 gnome-python2-extras 2008-11-14
Fedora FEDORA-2008-9667 liferea 2008-11-14
Fedora FEDORA-2008-9667 yelp 2008-11-14
Fedora FEDORA-2008-9669 yelp 2008-11-14
Fedora FEDORA-2008-9667 openvrml 2008-11-14
Fedora FEDORA-2008-9667 ruby-gnome2 2008-11-14
Fedora FEDORA-2008-9669 ruby-gnome2 2008-11-14
Fedora FEDORA-2008-9667 kazehakase 2008-11-14
Fedora FEDORA-2008-9669 kazehakase 2008-11-14
Fedora FEDORA-2008-9667 Miro 2008-11-14
Fedora FEDORA-2008-9669 Miro 2008-11-14
Fedora FEDORA-2008-9667 seamonkey 2008-11-14
Fedora FEDORA-2008-9669 seamonkey 2008-11-14
Fedora FEDORA-2008-9669 xulrunner 2008-11-14
Fedora FEDORA-2008-9669 gtkmozembedmm 2008-11-14
Fedora FEDORA-2008-9669 totem 2008-11-14
Fedora FEDORA-2008-9669 google-gadgets 2008-11-14
Fedora FEDORA-2008-9669 mugshot 2008-11-14
Fedora FEDORA-2008-9669 mozvoikko 2008-11-14
Fedora FEDORA-2008-9669 epiphany-extensions 2008-11-14
Fedora FEDORA-2008-9667 epiphany-extensions 2008-11-14
Mandriva MDVSA-2008:228 mozilla-firefox 2008-11-13
Red Hat RHSA-2008:0978-01 firefox 2008-11-12
CentOS CESA-2008:0977 No RH alert RHSA-2008:0977-01 2008-11-13
Red Hat RHSA-2008:0977-01 seamonkey 2008-11-12
Debian DSA-1697-1 iceape 2009-01-07
Debian DSA-1696-1 icedove 2009-01-07


vm-builder: privilege escalation

Package(s): vm-builder
CVE #(s):
Created: November 14, 2008
Updated: November 19, 2008
Description: From the Ubuntu advisory: Mathias Gug discovered that vm-builder improperly set the root password when creating virtual machines. An attacker could exploit this to gain root privileges to the virtual machine by using a predictable password.

This vulnerability only affects virtual machines created with vm-builder under Ubuntu 8.10, and does not affect native Ubuntu installations.

Alerts:
Ubuntu USN-670-1 vm-builder 2008-11-13


Page editor: Jake Edge


Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds