===========================================================================
             AUSCERT External Security Bulletin Redistribution

                     ESB-2008.1144 -- [Linux][Ubuntu]
                           shadow vulnerability
                              22 January 2009

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              shadow
Publisher:            Ubuntu
Operating System:     Ubuntu
                      Linux variants
Impact:               Root Compromise
                      Modify Arbitrary Files
Access:               Existing Account
CVE Names:            CVE-2008-5394

Original Bulletin:    http://www.ubuntu.com/usn/usn-695-1

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Ubuntu. It is recommended that administrators
         running shadow check for an updated version of the software for
         their operating system.

Revision History:     January  22 2009: Added CVE
                      December 19 2008: Initial Release

--------------------------BEGIN INCLUDED TEXT--------------------

===========================================================
Ubuntu Security Notice USN-695-1          December 18, 2008
shadow vulnerability
https://launchpad.net/bugs/306082
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  login                           1:4.0.13-7ubuntu3.4

Ubuntu 7.10:
  login                           1:4.0.18.1-9ubuntu0.2

Ubuntu 8.04 LTS:
  login                           1:4.0.18.2-1ubuntu2.2

Ubuntu 8.10:
  login                           1:4.1.1-1ubuntu1.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Paul Szabo discovered a race condition in login.  While setting up
tty permissions, login did not correctly handle symlinks.  If a local
attacker were able to gain control of the system utmp file, they could
cause login to change the ownership and permissions on arbitrary files,
leading to a root privilege escalation.
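The bug class described above is a time-of-check/time-of-use race on a path that an attacker can influence. The following is an added illustration written for this bulletin, not code from shadow, login or Ubuntu, of the defensive pattern that closes it: resolve the tty named in the utmp record only under the device directory, refuse to follow symlinks, confirm the opened object really is a character device, and then change ownership and mode through the descriptor rather than the path. The `devdir` parameter is an assumption added so the check can be exercised outside /dev.

```c
#define _GNU_SOURCE 1
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Illustrative hardening, not code from shadow/login. 'line' is the tty name
 * as recorded in utmp (e.g. "tty1" or "pts/3"); if utmp is attacker-controlled,
 * so is this string. 'devdir' is normally "/dev" and is a parameter here only
 * so the function can be exercised in a temp dir. Returns fd or -1 (errno set). */
int open_tty_checked(const char *devdir, const char *line)
{
    char path[256];
    struct stat st;
    /* 1. Refuse names that could escape devdir: empty, absolute, or containing
     *    ".." anywhere (deliberately conservative; real tty names never do). */
    if (line == NULL || *line == '\0' || *line == '/' || strstr(line, "..")) {
        errno = EINVAL;
        return -1;
    }
    if (snprintf(path, sizeof path, "%s/%s", devdir, line) >= (int)sizeof path) {
        errno = ENAMETOOLONG;
        return -1;
    }
    /* 2. O_NOFOLLOW: a symlink planted at the path fails with ELOOP instead of
     *    being followed to whatever file it points at. */
    int fd = open(path, O_RDWR | O_NOCTTY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* 3. Only a character device (a tty) may have its ownership changed. */
    if (fstat(fd, &st) != 0 || !S_ISCHR(st.st_mode)) {
        close(fd);
        errno = ENOTTY;
        return -1;
    }
    return fd;
}

/* 4. Change owner and mode through the descriptor: the object that was checked
 *    is the object modified, so swapping the path afterwards achieves nothing. */
int tty_apply_perms(int fd, uid_t uid, gid_t gid, mode_t mode)
{
    if (fchown(fd, uid, gid) != 0)
        return -1;
    return fchmod(fd, mode);
}
```

Without step 4, a chown()/chmod() on the path would still be racy even after steps 1 to 3, because the path can be replaced between the check and the use.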

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
