LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: August 29th, 2014
Linux Security Week: August 25th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: libgtop2 vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu Liu Qishuai discovered a buffer overflow in the /proc parsing routines in libgtop. By creating and running a process in a specially crafted long path and tricking an user into running gnome-system-monitor, an attacker could exploit this to execute arbitrary code with the user's privileges.
=========================================================== 
Ubuntu Security Notice USN-407-1           January 15, 2007
libgtop2 vulnerability
https://launchpad.net/bugs/79206
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  libgtop2-5                               2.12.0-0ubuntu1.1

Ubuntu 6.06 LTS:
  libgtop2-7                               2.14.1-0ubuntu1.1

Ubuntu 6.10:
  libgtop2-7                               2.14.4-0ubuntu1.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Liu Qishuai discovered a buffer overflow in the /proc parsing routines
in libgtop. By creating and running a process in a specially crafted
long path and tricking an user into running gnome-system-monitor, an
attacker could exploit this to execute arbitrary code with the user's
privileges.


Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2_2.12.0-0ubuntu1.1.diff.gz
      Size/MD5:     5556 791af1d912da088b5dbdbaf8aa37b20b
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2_2.12.0-0ubuntu1.1.dsc
      Size/MD5:     1421 24db7b76b5aec3e8e061197535a203db
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2_2.12.0.orig.tar.gz
      Size/MD5:  1039660 358b710c463b01ba58ef0b8fe6b23818

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-5_2.12.0-0ubuntu1.1_amd64.deb
      Size/MD5:    59536 00690fbaa259fc912f510534157fe157
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-dev_2.12.0-0ubuntu1.1_amd64.deb
      Size/MD5:    99396 3aa6528a1bcf3371b7b7eb1ce9a5b92f

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-5_2.12.0-0ubuntu1.1_i386.deb
      Size/MD5:    58386 9195d353c45adca3994a25022eae9a36
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-dev_2.12.0-0ubuntu1.1_i386.deb
      Size/MD5:    96894 d6ec48f3be35baeaaffb780c1cf5512a

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-5_2.12.0-0ubuntu1.1_powerpc.deb
      Size/MD5:    60424 4f8c50214d838f77395e8c098284ba43
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-dev_2.12.0-0ubuntu1.1_powerpc.deb
      Size/MD5:    99330 1c587f04173e0c0addb0840b470783e6

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-5_2.12.0-0ubuntu1.1_sparc.deb
      Size/MD5:    58068 4f8f39bab5f25b4539c21daf8f466852
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-dev_2.12.0-0ubuntu1.1_sparc.deb
      Size/MD5:    96764 28a224d481b8f6afd86e46378b719d0f

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2_2.14.1-0ubuntu1.1.diff.gz
      Size/MD5:     6343 dbc3bc45b84f78f49633a92ad6993818
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2_2.14.1-0ubuntu1.1.dsc
      Size/MD5:     1418 78cd77e17c3825e7118bc7fe12c71156
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2_2.14.1.orig.tar.gz
      Size/MD5:   930295 84a7ac187e609594565bb6e731d21287

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-7_2.14.1-0ubuntu1.1_amd64.deb
      Size/MD5:    62640 22fdd503710884583da14ba62a088759
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-dev_2.14.1-0ubuntu1.1_amd64.deb
      Size/MD5:   102940 1205833458f90c9f641a9ec4acd99e61

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-7_2.14.1-0ubuntu1.1_i386.deb
      Size/MD5:    61060 e1bab8b7cdcec2a6a56956b193bf4e07
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-dev_2.14.1-0ubuntu1.1_i386.deb
      Size/MD5:   100084 e7d740a94cc1a2186ce0a6dfec492e8c

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-7_2.14.1-0ubuntu1.1_powerpc.deb
      Size/MD5:    63616 4d22b62d6b16e9de6e56e684fbc18ff9
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-dev_2.14.1-0ubuntu1.1_powerpc.deb
      Size/MD5:   102736 0b54b07153901282568b4913fbfc74d1

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-7_2.14.1-0ubuntu1.1_sparc.deb
      Size/MD5:    60818 5cd7e26033bc1449f924de0a654dab3d
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-dev_2.14.1-0ubuntu1.1_sparc.deb
      Size/MD5:    99980 4b27af2bb2c86df2238a4c8a555ca427

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2_2.14.4-0ubuntu1.1.diff.gz
      Size/MD5:     6911 9cd6e7d03dc79a89c5cb36e9d49e75fb
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2_2.14.4-0ubuntu1.1.dsc
      Size/MD5:     1490 4fae35724137fad1a1fa89411f2c2c3a
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2_2.14.4.orig.tar.gz
      Size/MD5:   925125 2fc3b461babfafa01fb39bef4c995972

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-common_2.14.4-0ubuntu1.1_all.deb
      Size/MD5:    37164 e541a24286e6712b58b0e394bcdd0038

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-7_2.14.4-0ubuntu1.1_amd64.deb
      Size/MD5:    64950 6aa31cf8c983f041d491bb43614c7aab
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-dev_2.14.4-0ubuntu1.1_amd64.deb
      Size/MD5:   105226 0c8fd72b054f29f2298b6767ef11488c

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-7_2.14.4-0ubuntu1.1_i386.deb
      Size/MD5:    64556 b7f8feb0f615bcbb9a21fd69a5ed06cd
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-dev_2.14.4-0ubuntu1.1_i386.deb
      Size/MD5:   103190 d3d89561e57a6c8eb7c83a87b97893e9

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-7_2.14.4-0ubuntu1.1_powerpc.deb
      Size/MD5:    65904 17b3c114fe2a1fe5d65721cb3d7ddf75
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-dev_2.14.4-0ubuntu1.1_powerpc.deb
      Size/MD5:   104692 5dc40cc4de80736623324d1a7d4aa627

  sparc architecture (Sun SPARC/UltraSPARC)

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-7_2.14.4-0ubuntu1.1_sparc.deb
      Size/MD5:    63780 ee5af234c8f29ecfabf208f69c98d3e3
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgtop2/libgtop2-dev_2.14.4-0ubuntu1.1_sparc.deb
      Size/MD5:   102848 588b6443f995fcf63263bcaaa6eaf592

 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
How Cops and Hackers Could Abuse California’s New Phone Kill-Switch Law
Why Russian hackers are beating us
DQ Breach? HQ Says No, But Would it Know?
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.