Ubuntu: GeoIP vulnerability
Posted by Benjamin D. Thomas   
Dean Gaudet discovered that the GeoIP update tool did not validate the filename responses from the update server. A malicious server, or a man-in-the-middle system posing as the server, could write to arbitrary files with the privileges of the user running the update.
Ubuntu Security Notice USN-412-1           January 23, 2007
geoip vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  geoip-bin                                1.3.10-1ubuntu0.1

Ubuntu 6.06 LTS:
  geoip-bin                                1.3.14-2ubuntu0.1

Ubuntu 6.10:
  geoip-bin                                1.3.17-1ubuntu0.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Dean Gaudet discovered that the GeoIP update tool did not validate the
filename responses from the update server. A malicious server, or
man-in-the-middle system posing as a server, could write to arbitrary
files with user privileges.
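The validation the advisory says was missing, as an added example in C that is not code from geoip-bin, Ubuntu or the advisory: the server-supplied filename is checked before it is joined to the install directory, shown beside the unsafe join that trusts the response as-is. The install directory, the allowlisted database names and the two sample responses are assumptions.

```c
/* Added example, not geoip-bin or Ubuntu advisory code. It shows the check
 * the advisory says was missing: a filename from an update server's response
 * must be validated before it becomes a write target. DB_DIR, the allowlist
 * and the sample responses are assumptions. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#define DB_DIR "/usr/share/GeoIP/"   /* assumed install directory */

/* Vulnerable shape: the server-supplied name is appended as-is, so a
 * response containing "../" components escapes the directory. */
int unsafe_target_path(const char *name, char *out, size_t outlen) {
    return snprintf(out, outlen, "%s%s", DB_DIR, name) < (int)outlen;
}
/* Hardened: bare filename of safe characters, no traversal, no hidden
 * file, ".dat" suffix, and one of the databases we actually requested. */
int valid_db_filename(const char *name) {
    static const char *allowed[] = { "GeoIP.dat", "GeoIPCity.dat", NULL };
    size_t n = strlen(name);
    if (n == 0 || n > 64) return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)name[i];
        /* rejects '/', '\\', ':', whitespace, CR/LF and other controls */
        if (!(isalnum(c) || c == '.' || c == '-' || c == '_')) return 0;
    }
    if (name[0] == '.' || strstr(name, "..") != NULL) return 0;
    if (n < 4 || strcmp(name + n - 4, ".dat") != 0) return 0;
    for (const char **p = allowed; *p != NULL; p++)
        if (strcmp(*p, name) == 0) return 1;
    return 0;   /* well-formed, but not a database we asked for */
}

/* Same join, performed only after the name has passed validation. */
int safe_target_path(const char *name, char *out, size_t outlen) {
    if (!valid_db_filename(name)) return 0;
    return snprintf(out, outlen, "%s%s", DB_DIR, name) < (int)outlen;
}

int main(void) {
    /* constructed server responses: one honest, one traversal attempt */
    const char *responses[] = { "GeoIP.dat", "../../tmp/injected.dat" };
    char path[256];
    for (size_t i = 0; i < 2; i++) {
        unsafe_target_path(responses[i], path, sizeof path);
        printf("unsafe join: %s\n", path);
        printf("hardened:    %s\n",
               safe_target_path(responses[i], path, sizeof path) ? path : "rejected");
    }
    return 0;
}
```

Validating the name does not replace verifying the downloaded content itself (a checksum or signature) before it replaces the live database, and the write should go to a temporary file that is renamed into place.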

Updated packages for Ubuntu 5.10:

Updated packages for Ubuntu 6.06 LTS:

Updated packages for Ubuntu 6.10:

