Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: July 28th, 2014
Linux Advisory Watch: July 25th, 2014
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Ubuntu: libcdio vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu Devon Miller discovered that the iso-info and cd-info tools did not properly perform bounds checking. If a user were tricked into using these tools with a crafted iso image, an attacker could cause a denial of service via a core dump, and possibly execute arbitrary code.
Ubuntu Security Notice USN-580-1          February 20, 2008
libcdio vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 6.10
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libcdio6                        0.76-1ubuntu1.6.06.1

Ubuntu 6.10:
  libcdio6                        0.76-1ubuntu1.6.10.1

Ubuntu 7.04:
  libcdio6                        0.76-1ubuntu2.7.04.1

Ubuntu 7.10:
  libcdio6                        0.76-1ubuntu2.7.10.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Devon Miller discovered that the iso-info and cd-info tools did not
properly perform bounds checking. If a user were tricked into using
these tools with a crafted iso image, an attacker could cause a
denial of service via a core dump, and possibly execute arbitrary

Updated packages for Ubuntu 6.06 LTS:

  Source archives:
      Size/MD5:     4589 5269ab54d9e511ee96affd3a105e8490
      Size/MD5:      722 92bc1e7a65224dc7138aead2c45c9c90
      Size/MD5:  1821519 6d5f97847c8be003f4018dd2b5afe23d

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:   229090 1cf181a4f5e45d04f4c2c843d584651e
      Size/MD5:   126624 7ac26be54b8362ffe3efd48464685f2f
      Size/MD5:    96792 7ef8197fff4cd9fc1930a11d0d1594bc
      Size/MD5:    90670 893303f06d7091cd1410e8bd2976d4ca
      Size/MD5:    94982 60449eaf267304dd47c2a5699ddb3561
      Size/MD5:    91616 f71c76f4384bede51c32a0d5578726eb
      Size/MD5:    96318 393da121592cc528006001cd71cd9786
      Size/MD5:   113606 11178bb645f98dd5e97ff2239ce51972

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:   217752 db9ca235cd3bc156810f6baa33645a36
      Size/MD5:   119546 8704de6369a647b23865ab0964957684
      Size/MD5:    94050 748e1f2ae5922192b1f079d64e884abd
      Size/MD5:    88836 50c7e84104a2cb1aef508efd8695fb86
      Size/MD5:    93424 57a430b257d12ab5ce30126271e239db
      Size/MD5:    90726 b716af32c6f60e453f2b4ed34b9aed76
      Size/MD5:    94858 b3366694d2f82fe18460aeb1b1d46161
      Size/MD5:   110506 c3424732452acad7395c2655f44f2be1

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:   230758 e49019ff90b559bc08cdd3b0dd54a619
      Size/MD5:   125596 740d49cf915444ec7ca564b211bcb930
      Size/MD5:    96714 6b62f4587edbdcea8b287208d35e8137
      Size/MD5:    91802 2e94e296fedef6a4a53c755179f6f2e9
      Size/MD5:    94544 52d73c4a76c24588fe76eb91f3d9bf83
      Size/MD5:    92956 6fb3423e7f6444261a3742a34c1f2e4b
      Size/MD5:    99112 6c2ce0d3c13cc3a516b36aa4daf0ca45
      Size/MD5:   115752 71179f66fbfbe2bf9f0f43953990b2ec

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:   223834 2d44b32a00b194d09fe0d63dd53726c9
      Size/MD5:   122474 f1d60a0a4ba3f97a4d96ab8f4435eeb5
      Size/MD5:    94478 3fc2f5e92ccb8127c2e7eb1e7581db88
      Size/MD5:    88720 4f74c2e383720e05a6c73b6daf4e3202
      Size/MD5:    93042 07b7f4b0a7444d238e5a02d084a0fbfd
      Size/MD5:    89958 aebef1589e5656f8fc08ee9dc3c6fc39
      Size/MD5:    96682 39ae3b8a651cbe365d1a203c43f2ffca
      Size/MD5:   113966 ad884717a6803bc0651b1ea52b05a6c9

Updated packages for Ubuntu 6.10:

  Source archives:
      Size/MD5:     4592 e4698e46e3c34f5a25fab5adb671e891
      Size/MD5:      722 1a75a10788565eef2b330ee865c59929
      Size/MD5:  1821519 6d5f97847c8be003f4018dd2b5afe23d

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:   228170 44f749dece53b10c5f31700283bd8b40
      Size/MD5:   126716 8a272d5589537f44ddb4dd9313dbe805
      Size/MD5:    97240 7d505e8e8d593558c1f02a2b64faa8f9
      Size/MD5:    91110 c25208aa2d3e863631582d77504d5061
      Size/MD5:    94826 b825ff382e299e78f3c221620f75b668
      Size/MD5:    91518 23f941e5b197723e915dc8d25487c1c4
      Size/MD5:    96754 ce6c90455a54b23aa65b97a144638d13
      Size/MD5:   113230 89f1a80488cc8d47dc18898a7abf1ebd

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:   219310 dbdccc35bf55281e7fbb22d4060b31e2
      Size/MD5:   122222 0f6a73a0e127e7966feb54ab6b008350
      Size/MD5:    94698 63568826a50c57274d0fdbced4354af7
      Size/MD5:    89840 9442d68cac9a60e1e9da333b6505ea37
      Size/MD5:    93874 04194c33e9fbf87d6f55d3b44456a3f5
      Size/MD5:    91250 f4fdc8b2730096e7df41207a9d2fe1d7
      Size/MD5:    96580 dfce8bfb63341eff3f18bcd7f528be5d
      Size/MD5:   111724 9b5c23655571d56d0ec49c90f6d5453f

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:   229046 1f00249603edf2c012da2ede95d1a919
      Size/MD5:   125206 e4425d25d90071d2806d0246cfe2ebb3
      Size/MD5:    97152 10456cceb12cd81b754d7bb277196c6c
      Size/MD5:    92334 66ea080880558b6d0ea9fc6cfd5c8ce2
      Size/MD5:    94614 570d7985017dcbc9036d29f0c5b5de14
      Size/MD5:    92942 c86fb1a81d13969b3ab7c57bb3bb0a67
      Size/MD5:    99556 1a07600bc296fa121c36f7f34263f416
      Size/MD5:   115630 9ac81944e4ed94fea3348a41647548b2

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:   222608 651fa8462125a59b7105dd4509502d22
      Size/MD5:   121834 1c4274b627de56a1126802c48385e91b
      Size/MD5:    95040 6ab9beab2758b91cc120705c524ea144
      Size/MD5:    89204 af3b341ae8e0fe3988cd80788a9050e5
      Size/MD5:    92746 05346e587a56c08e24688f4d16a69447
      Size/MD5:    89588 090f13b4e4c7fa9c9958cd1c8c35240e
      Size/MD5:    96788 243133406b415a38751a40dffde8ebef
      Size/MD5:   113752 bf53aa1b7b443e3924d37798ede8cfac

Updated packages for Ubuntu 7.04:

  Source archives:
      Size/MD5:     4692 3c82a72e403167861fd8488e15331d94
      Size/MD5:      806 07180925a5d5e804aab5c1cf9b5ac55d
      Size/MD5:  1821519 6d5f97847c8be003f4018dd2b5afe23d

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:   228292 9f0647818822ff494efc0fd2d3a489c8
      Size/MD5:   128046 459831bfbcc8c60dc96bd43b9baa3d28
      Size/MD5:    97310 40a6160bbf5368958a2ac42412c07912
      Size/MD5:    91322 83d4871fcd5ce5a0040d541b90ec269f
      Size/MD5:    94894 4afcb4362aa3a97265ee1a2d0c70b67c
      Size/MD5:    91616 d8518915a453091c655088a7dc79e19a
      Size/MD5:    97252 1e2146af217f25bd3700dd60a1d7a88c
      Size/MD5:   113322 48eb1b0da5d208645b968255b6159248

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:   219372 28bc5ce4b5625d65f0c739dce40e4c93
      Size/MD5:   123518 862a1caa87652a857eb0d173a2fa07dc
      Size/MD5:    94758 d4441ac56127e5b7ff88f96e866eb08d
      Size/MD5:    90012 12c1339e4fc6dfdfb1cfeba20329d4c6
      Size/MD5:    93908 a8578ed5e402558b449be3cb87eae9ad
      Size/MD5:    91326 ec844886e21747467152b5bc87dabb14
      Size/MD5:    97028 1a31760c2f135e0ec6531c9cdeff496b
      Size/MD5:   111774 41d307583361669e067256b77d8403c0

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:   229074 9889bae6effdf2f1a96454171c0bd25a
      Size/MD5:   129468 eb0d456b121f61e602cca0dc4c873289
      Size/MD5:    97198 6bc807450941316eebeb5c17bbc3e019
      Size/MD5:    93502 347cd8ad4246adbeb6f5ecd370764c3a
      Size/MD5:    94664 a8f1ad28aa6b5929f01dd26151af16b5
      Size/MD5:    93940 b202dfaaf6e185ce6a2ff74ad24186a3
      Size/MD5:   101230 256ea121764cd00347f3f17fb69ffdac
      Size/MD5:   115672 c95258fd7117c1531d499b605c826423

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:   222600 ee583af030addb39d55d44f3b74728ba
      Size/MD5:   122992 ea66913c9f4d61cfda51adce2fb29f43
      Size/MD5:    95088 e2deb48cf9c8a0bb56e088a7963d7528
      Size/MD5:    89374 61d0cd7585c436e9e40c09abdfc9e656
      Size/MD5:    92806 a78a6a250f705039030a903b7efbb5b8
      Size/MD5:    89696 8f70a36b727b0a87b48ce83fa83fcb80
      Size/MD5:    97228 e1e6e37d04d4307e4f2e33216eeb5637
      Size/MD5:   113790 c021a1b3f18be2ef179f65c64ca35f85

Updated packages for Ubuntu 7.10:

  Source archives:
      Size/MD5:     4686 9238145a334a56fa700cb0e6f2af749a
      Size/MD5:      806 2fdb9525b409e4b904db95b1ab77bdf9
      Size/MD5:  1821519 6d5f97847c8be003f4018dd2b5afe23d

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:   228624 45b5f39bb8ddf71b1acb1d95bde9fb5b
      Size/MD5:   128188 4405dc56cb535a30ec393b6293df8a63
      Size/MD5:    97406 ac1f9b8250c487454a6659e9f540bf44
      Size/MD5:    91344 a340f1a1d31da384f918889c52badd1d
      Size/MD5:    95038 8b506fd5b2aa44ab1a140abab4b598a9
      Size/MD5:    91560 97a087caa6240f9402ec47798c1a6aac
      Size/MD5:    97264 b48c5fca11c560ab080123768d3d1cba
      Size/MD5:   113396 27efdfd0bcf6da58af856ace8de4c5eb

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:   219330 f47e3e717db362cce886c9087a496fd9
      Size/MD5:   123436 00e0e127e5ebf71cfafd503a3b0fb5a7
      Size/MD5:    94880 ffc1aa6c8a46134526b0c84c78cf9552
      Size/MD5:    90030 b205d809be5123acd91a9c239ce5ec9c
      Size/MD5:    93928 2422ebdc290e875338120937ee72691a
      Size/MD5:    91286 a2cc893cc7b4a435d272afd120d2f16e
      Size/MD5:    96982 4123dcb38fa72d32b5d9b8ebe218298b
      Size/MD5:   111810 cc0e1d0fbd9fdf83c2b256501dbc9a4c

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:   229108 4677e2fe8a3c8bd565402b954bdf638b
      Size/MD5:   129434 978fe58a8883d26f339d57a0c2bb8342
      Size/MD5:    97356 098ce4d842e11221743a39a370a8dffb
      Size/MD5:    93602 ebd70dcd7eea5430e482aa9b154f2007
      Size/MD5:    94748 ae7831920f0382c71058c1afc3b346bd
      Size/MD5:    93918 4c3db1ab702da5ff507b84009204a949
      Size/MD5:   101178 0b30561c683c6d9c90925df674c81b06
      Size/MD5:   115706 8a69912d16336c89f8db03760e0700e1

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:   222642 3119d03148e48e3ff654ad8d78b142d2
      Size/MD5:   122976 3553e71f1df324712d34d723dc764768
      Size/MD5:    95160 570f5adeb4738f802d32201ed40445b7
      Size/MD5:    89500 2f24ce23868dd66ae8a056a505763bc7
      Size/MD5:    92832 96f231aa6fccf5fb09e7e1bf1647506c
      Size/MD5:    89688 4e60b807f379e3fc0e80637c6d7c4570
      Size/MD5:    97224 010de1f73333cf0e9e65c49d4a715b7a
      Size/MD5:   113814 530adc55c918e7f1d28b9c4f16fefeda

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Ottawa Linux Symposium: May get by with a little help from its friends
Black Hat 2014: How to crack just about everything
NSA Playset, 911 hacked and war cats: A wild ride at DEF CON 22
More Details of Onion/Critroni Crypto Ransomware Emerge
Is there Another NSA Leaker? Updated
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.