LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: April 21st, 2014
Linux Security Week: April 7th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: Tomboy vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu Jan Oravec discovered that Tomboy did not properly setup the LD_LIBRARY_PATH environment variable. A local attacker could exploit this to execute arbitrary code as the user invoking the program.
=========================================================== 
Ubuntu Security Notice USN-560-1           January 07, 2008
tomboy vulnerability
CVE-2005-4790
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  tomboy                          0.3.5-1ubuntu3.1

Ubuntu 6.10:
  tomboy                          0.4.1-0ubuntu3.1

Ubuntu 7.04:
  tomboy                          0.6.3-0ubuntu1.1

Ubuntu 7.10:
  tomboy                          0.8.0-1ubuntu0.1

After a standard system upgrade you need to restart Tomboy to effect
the necessary changes.

Details follow:

Jan Oravec discovered that Tomboy did not properly setup the
LD_LIBRARY_PATH environment variable. A local attacker could
exploit this to execute arbitrary code as the user invoking
the program.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.3.5-1ubuntu3.1.diff.gz
      Size/MD5:    23933 6c9f715503954349ea56aeb86da98da6
    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.3.5-1ubuntu3.1.dsc
      Size/MD5:      887 67368aeea634e7ea85404c08c7203752
    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.3.5.orig.tar.gz
      Size/MD5:   665911 63da1e4c752fa8802b40eb5b4726ff35

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.3.5-1ubuntu3.1_amd64.deb
      Size/MD5:   151414 66f0431f00f2b408d36142573e0ae81a

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.3.5-1ubuntu3.1_i386.deb
      Size/MD5:   148058 20c1fad5297117a6b7a42ce22c542c09

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.3.5-1ubuntu3.1_powerpc.deb
      Size/MD5:   149712 314fdc7e7c09989828f867076f3a9916

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.3.5-1ubuntu3.1_sparc.deb
      Size/MD5:   148738 b966585a564a3a8485195ebc445c8811

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.4.1-0ubuntu3.1.diff.gz
      Size/MD5:     7320 9ee233ef334cd4df7ed06ca10f66a29f
    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.4.1-0ubuntu3.1.dsc
      Size/MD5:      921 663cff08a633aea0a39432269e702bb5
    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.4.1.orig.tar.gz
      Size/MD5:   937041 7e9ab15b8c799d265676173f8a8de7ce

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.4.1-0ubuntu3.1_amd64.deb
      Size/MD5:   425900 4e7c700e7997cd0ea9c125d907765b47

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.4.1-0ubuntu3.1_i386.deb
      Size/MD5:   423536 2233018b7964415d4d92f2226cceacae

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.4.1-0ubuntu3.1_powerpc.deb
      Size/MD5:   424412 0658a6b6650b43cca494c6c54bc36a7c

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.4.1-0ubuntu3.1_sparc.deb
      Size/MD5:   422726 279345713a6a1a2aad6f94ba95926a0e

Updated packages for Ubuntu 7.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.6.3-0ubuntu1.1.diff.gz
      Size/MD5:    14285 c99ec66159af23c7c8bf0b34034c010a
    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.6.3-0ubuntu1.1.dsc
      Size/MD5:     1142 f7be2cce138282dcadee5df308b756ae
    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.6.3.orig.tar.gz
      Size/MD5:  1878094 566af33c4956e05512a57ae7a63c849f

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.6.3-0ubuntu1.1_amd64.deb
      Size/MD5:  1198448 78c9f1957ebe8496234fb583ed577909

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.6.3-0ubuntu1.1_i386.deb
      Size/MD5:  1196104 542d2466b008e9e258dc1cb4375a06f4

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.6.3-0ubuntu1.1_powerpc.deb
      Size/MD5:  1200260 58b6d75c2db39bb929f5e1566bee9462

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.6.3-0ubuntu1.1_sparc.deb
      Size/MD5:  1195606 8b2cce4383671a94d02f81f3492cf9f4

Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.8.0-1ubuntu0.1.diff.gz
      Size/MD5:    12763 2c560717c1a85b755c88a868a9ae541c
    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.8.0-1ubuntu0.1.dsc
      Size/MD5:     1070 4c87625903828c6a5405f75e1a9f4501
    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.8.0.orig.tar.gz
      Size/MD5:  2535671 28cf74d74090c7479c5716d8cbe6ed6a

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.8.0-1ubuntu0.1_amd64.deb
      Size/MD5:  2392716 7f03c42d8f7f06c413ea1e265582e446

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.8.0-1ubuntu0.1_i386.deb
      Size/MD5:  2389672 09bb10c6e415f3d5310f4966b7871478

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.8.0-1ubuntu0.1_powerpc.deb
      Size/MD5:  2396612 f3be6029861078af5aabb0c39760cbe2

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/t/tomboy/tomboy_0.8.0-1ubuntu0.1_sparc.deb
      Size/MD5:  2388798 0aacedaf7c9a2b32ffa59562651df420



 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.