LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: December 22nd, 2014
Linux Advisory Watch: December 19th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: 1107-1: x11-xserver-utils vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu Sebastian Krahmer discovered that the xrdb utility incorrectly filteredcrafted hostnames. An attacker could use this flaw with a maliciousDHCP server or with a remote xdmcp login and execute arbitrary code,resulting in root privilege escalation. [More...]
===========================================================
Ubuntu Security Notice USN-1107-1            April 06, 2011
x11-xserver-utils vulnerability
CVE-2011-0465
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  x11-xserver-utils               7.3+2ubuntu0.1

Ubuntu 9.10:
  x11-xserver-utils               7.4+2ubuntu3.1

Ubuntu 10.04 LTS:
  x11-xserver-utils               7.5+1ubuntu2.1

Ubuntu 10.10:
  x11-xserver-utils               7.5+2ubuntu1.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

Details follow:

Sebastian Krahmer discovered that the xrdb utility incorrectly filtered
crafted hostnames. An attacker could use this flaw with a malicious
DHCP server or with a remote xdmcp login and execute arbitrary code,
resulting in root privilege escalation.


Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/x/x11-xserver-utils/x11-xserver-utils_7.3+2ubuntu0.1.dsc
      Size/MD5:     1855 ed72ba7905552c8ad970eb9b6ea65735
    http://security.ubuntu.com/ubuntu/pool/main/x/x11-xserver-utils/x11-xserver-utils_7.3+2ubuntu0.1.tar.gz
      Size/MD5:  1993520 fbcfdc97544d06d5956b553f154024a9

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/x/x11-xserver-utils/x11-xserver-utils_7.3+2ubuntu0.1_amd64.deb
      Size/MD5:   188578 55c51ac356a4c206986993426ef9c89a

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/x/x11-xserver-utils/x11-xserver-utils_7.3+2ubuntu0.1_i386.deb
      Size/MD5:   173526 cff268921d0c6c4b0be4bd053c7a32ca

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/x/x11-xserver-utils/x11-xserver-utils_7.3+2ubuntu0.1_lpia.deb
      Size/MD5:   174206 537c0ee33f027fe77b2d988a19addc98

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/x/x11-xserver-utils/x11-xserver-utils_7.3+2ubuntu0.1_powerpc.deb
      Size/MD5:   223124 32704bc7de76ad266f152cd26a20799c

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/x/x11-xserver-utils/x11-xserver-utils_7.3+2ubuntu0.1_sparc.deb
      Size/MD5:   178220 ef7a7a8d0342e3453b00ee574c7f6f8e

Updated packages for Ubuntu 9.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/x/x11-xserver-utils/x11-xserver-utils_7.4+2ubuntu3.1.dsc
      Size/MD5:     2098 a8f51b5ddeb65b629fb7d3e37921bdb7
    http://security.ubuntu.com/ubuntu/pool/main/x/x11-xserver-utils/x11-xserver-utils_7.4+2ubuntu3.1.tar.gz
      Size/MD5:  2027496 28363c3d291c9f299e40757abbd2ec11

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/x/x11-xserver-utils/x11-xserver-utils_7.4+2ubuntu3.1_amd64.deb
      Size/MD5:   204686 4c3899eabc2a94b9e3885e61aa8b435d

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/x/x11-xserver-utils/x11-xserver-utils_7.4+2ubuntu3.1_i386.deb
      Size/MD5:   187160 a4493402abed14adba7e186e33117d86

  armel architecture (ARM Architecture):

    http://ports.ubuntu.com/pool/main/x/x11-xserver-utils/x11-xserver-utils_7.4+2ubuntu3.1_armel.deb
      Size/MD5:   189234 4d203c561b9c8fe91b50099e8c87cc11

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/x/x11-xserver-utils/x11-xserver-utils_7.4+2ubuntu3.1_lpia.deb
      Size/MD5:   185760 7acee417b2aee7c54ff7f3eed1301a9e

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/x/x11-xserver-utils/x11-xserver-utils_7.4+2ubuntu3.1_powerpc.deb
      Size/MD5:   197428 4e7151586bc4139098c820c1d1b812a3

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/x/x11-xserver-utils/x11-xserver-utils_7.4+2ubuntu3.1_sparc.deb
      Size/MD5:   196292 29e6bf5806bf8a492dbde60e48281fae

Updated packages for Ubuntu 10.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/x/x11-xserver-utils/x11-xserver-utils_7.5+1ubuntu2.1.dsc
      Size/MD5:     2053 af668fc46b52cbbb8fce94579db91662
    http://security.ubuntu.com/ubuntu/pool/main/x/x11-xserver-utils/x11-xserver-utils_7.5+1ubuntu2.1.tar.gz
      Size/MD5:  2017972 d68d1519793de89571ed5c78eae9dd1c

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/x/x11-xserver-utils/x11-xserver-utils_7.5+1ubuntu2.1_amd64.deb
      Size/MD5:   185406 db3596b0abcd26fe8569687bf790d016

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/x/x11-xserver-utils/x11-xserver-utils_7.5+1ubuntu2.1_i386.deb
      Size/MD5:   170078 7e6ea917d730b4b54bba69e4e3df533c

  armel architecture (ARM Architecture):

    http://ports.ubuntu.com/pool/main/x/x11-xserver-utils/x11-xserver-utils_7.5+1ubuntu2.1_armel.deb
      Size/MD5:   171114 a3281fd14dea567b7879ebe2c5782087

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/x/x11-xserver-utils/x11-xserver-utils_7.5+1ubuntu2.1_powerpc.deb
      Size/MD5:   180332 eb5deb911bd3098f6969e4c758bc5a07

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/x/x11-xserver-utils/x11-xserver-utils_7.5+1ubuntu2.1_sparc.deb
      Size/MD5:   182876 98a7170dd299c3d54b7d1b38f43e1058

Updated packages for Ubuntu 10.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/x/x11-xserver-utils/x11-xserver-utils_7.5+2ubuntu1.1.dsc
      Size/MD5:     2050 89b42bbb00b6f26578c875da2b0fd26c
    http://security.ubuntu.com/ubuntu/pool/main/x/x11-xserver-utils/x11-xserver-utils_7.5+2ubuntu1.1.tar.gz
      Size/MD5:  2114046 fd0986fe6eced94861a5b5d012ee5e0b

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/x/x11-xserver-utils/x11-xserver-utils_7.5+2ubuntu1.1_amd64.deb
      Size/MD5:   185918 70308628801d2bca8c67d2941422e4fe

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/x/x11-xserver-utils/x11-xserver-utils_7.5+2ubuntu1.1_i386.deb
      Size/MD5:   170444 3da72942a1f2351e1f2d9616402b3f9a

  armel architecture (ARM Architecture):

    http://ports.ubuntu.com/pool/main/x/x11-xserver-utils/x11-xserver-utils_7.5+2ubuntu1.1_armel.deb
      Size/MD5:   180638 dfef48402643a2c0d6d718db0023dcb7

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/x/x11-xserver-utils/x11-xserver-utils_7.5+2ubuntu1.1_powerpc.deb
      Size/MD5:   180626 9e15d1f000b142344835c57179307227




 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
Report: U.S. planning “proportional response” to Sony hack, blamed on North Korea
Heartbleed, Shellshock, Tor and more: The 13 biggest security stories of 2014
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.