LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: April 21st, 2014
Linux Security Week: April 7th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: LTSP vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu Christian Herzog discovered that it was possible to connect to any LTSP client's X session over the network. A remote attacker could eavesdrop on X events, read window contents, and record keystrokes, possibly gaining access to private information.
=========================================================== 
Ubuntu Security Notice USN-610-1               May 06, 2008
ltsp vulnerability
CVE-2008-1293
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.04
Ubuntu 7.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  ldm                             0.87.1

Ubuntu 7.04:
  ldm                             5.0.7.1

Ubuntu 7.10:
  ldm                             5.0.39.1

After a standard system upgrade you need to update your LTSP client chroots
to effect the necessary changes.  For more details, please see:
http://doc.ubuntu.com/edubuntu/edubuntu/handbook/C/ltsp-updates.html#id531224

Details follow:

Christian Herzog discovered that it was possible to connect to any
LTSP client's X session over the network.  A remote attacker could
eavesdrop on X events, read window contents, and record keystrokes,
possibly gaining access to private information.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp_0.87.1.dsc
      Size/MD5:      574 aa98ca636c72ae5baeb34de1a586a200
    http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp_0.87.1.tar.gz
      Size/MD5:   199717 84d1b8c77a3bde8b30068c7365ff7b27

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ldm_0.87.1_all.deb
      Size/MD5:    82966 442d19db7753c614b64d45ea270befd6
    http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp-client-builder_0.87.1_all.udeb
      Size/MD5:     1748 a2da20fc182480e35df03c2b0aa85598
    http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp-server-standalone_0.87.1_all.deb
      Size/MD5:    13352 090bbcba5e3e66c1ffab0b0262cb895c
    http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp-server_0.87.1_all.deb
      Size/MD5:    21894 63be6d1223a6f272cb9413fb64926f05

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp-client_0.87.1_amd64.deb
      Size/MD5:    46442 dc8d11f8b2dd5a3a5a702512a221b4bc

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp-client_0.87.1_i386.deb
      Size/MD5:    41822 9820547fb8a0ae363891bdb5a7f367e0

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp-client_0.87.1_powerpc.deb
      Size/MD5:    45826 80c458e417a2793035afe8a180ed332c

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp-client_0.87.1_sparc.deb
      Size/MD5:    43758 62778df1410b59e9581ffa70aadf56f2

Updated packages for Ubuntu 7.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp_5.0.7.1.dsc
      Size/MD5:      576 31c3f3a26492f640874c5c200ab9cef2
    http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp_5.0.7.1.tar.gz
      Size/MD5:   274699 07c4b25992551962e0a103be55096985

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ldm_5.0.7.1_all.deb
      Size/MD5:   204270 f7adb6f9fc1ed6255222b7bccd6bb100
    http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp-client-builder_5.0.7.1_all.udeb
      Size/MD5:     2870 839f1f796627d40ad60df43057530d66
    http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp-server-standalone_5.0.7.1_all.deb
      Size/MD5:    29224 552812e1820b5addc9b820de55b86080
    http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp-server_5.0.7.1_all.deb
      Size/MD5:    55922 279d71b5ca502b98ed1a90a4a2662f4f

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp-client_5.0.7.1_amd64.deb
      Size/MD5:    60542 c862547c633f9840168ff0aa975e0cb7

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp-client_5.0.7.1_i386.deb
      Size/MD5:    59076 3134e2afab500926da10729bccc256dc

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp-client_5.0.7.1_powerpc.deb
      Size/MD5:    61248 09d0dbbe3e791b4fc4be44f8bba6c707

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp-client_5.0.7.1_sparc.deb
      Size/MD5:    58886 88bec4664e587726c77828a011e86859

Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp_5.0.39.1.dsc
      Size/MD5:      691 f015b2c4aa06417afa91fdecd993c2f0
    http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp_5.0.39.1.tar.gz
      Size/MD5:  2464651 b1e8b62039d0927b4e42a328973021c0

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp-client-builder_5.0.39.1_all.udeb
      Size/MD5:     3434 0d849820cefc4e98d7077919a92e5470
    http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp-client_5.0.39.1_all.deb
      Size/MD5:    34440 fb5d1bcbf603d6fe79b0afe2e6514423
    http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp-server-standalone_5.0.39.1_all.deb
      Size/MD5:    35288 1a005530bb7c27a98ddfdc3234e337ec
    http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp-server_5.0.39.1_all.deb
      Size/MD5:    68314 40014f048d44f85bec76eddc5f33f905

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ldm_5.0.39.1_amd64.deb
      Size/MD5:  1992710 f642050148c0787c0217e3571ce91234
    http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp-client-core_5.0.39.1_amd64.deb
      Size/MD5:    69598 9affbccbec07643dfa4270727a07875e

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ldm_5.0.39.1_i386.deb
      Size/MD5:  1991780 da5e6870a0b72455a35bd0b5b1b8d3ed
    http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp-client-core_5.0.39.1_i386.deb
      Size/MD5:    68374 461de2c89dc19f62d39bbfa6cec55e67

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/l/ltsp/ldm_5.0.39.1_lpia.deb
      Size/MD5:  1990848 9a2168237991d35d8d2074e98c407df0
    http://ports.ubuntu.com/pool/main/l/ltsp/ltsp-client-core_5.0.39.1_lpia.deb
      Size/MD5:    66770 ec62db8d569b609bd0d49c2fbf214e89

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ldm_5.0.39.1_powerpc.deb
      Size/MD5:  1995930 f45e7b5154af874eb7f1a29be3a3204a
    http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp-client-core_5.0.39.1_powerpc.deb
      Size/MD5:    70242 8efd4b5f242777d854682c8969e568dd

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ldm_5.0.39.1_sparc.deb
      Size/MD5:  1991858 40cbb244e05286a6fdb62221686397ab
    http://security.ubuntu.com/ubuntu/pool/main/l/ltsp/ltsp-client-core_5.0.39.1_sparc.deb
      Size/MD5:    67952 e7e226c3034036d5b16e837779750da3


 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Fixing OpenSSL's Heartbleed flaw will take MONTHS, warns Secunia
Even the most secure cloud storage may not be so secure, study finds
Targeted Attack Uses Heartbleed to Hijack VPN Sessions
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.