drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in chkrootkit
| Name: |
Ausführen beliebiger Kommandos in chkrootkit |
|
| ID: |
USN-2230-1 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 10.04 LTS, Ubuntu 12.04 LTS, Ubuntu 13.10, Ubuntu 14.04 LTS |
|
| Datum: |
Mi, 4. Juni 2014, 18:32 |
|
| Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0476 |
|
| Applikationen: |
chkrootkit |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============4206974309687640206==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="dsImvD5CHut3ewVkXC75KGJqX8EDLJQUp"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--dsImvD5CHut3ewVkXC75KGJqX8EDLJQUp
Content-Type: text/plain; charset=UTF-
Content-Transfer-Encoding: quoted-printable
==========================================================================
Ubuntu Security Notice USN-2230-1
June 04, 2014
chkrootkit vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 LTS
- Ubuntu 13.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS
Summary:
chkrootkit could be made to run programs as an administrator.
Software Description:
- chkrootkit: rootkit detector
Details:
Thomas Stangner discovered that chkrootkit incorrectly quoted certain
values. A local attacker could use this issue to execute arbitrary code
when chkrootkit is run and gain root privileges.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 14.04 LTS:
chkrootkit 0.49-4.1ubuntu1.14.04.1
Ubuntu 13.10:
chkrootkit 0.49-4.1ubuntu1.13.10.1
Ubuntu 12.04 LTS:
chkrootkit 0.49-4ubuntu1.1
Ubuntu 10.04 LTS:
chkrootkit 0.49-3ubuntu0.1
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2230-1
CVE-2014-0476
Package Information:
https://launchpad.net/ubuntu/+source/chkrootkit/0.49-4.1ubuntu1.14.04.1
https://launchpad.net/ubuntu/+source/chkrootkit/0.49-4.1ubuntu1.13.10.1
https://launchpad.net/ubuntu/+source/chkrootkit/0.49-4ubuntu1.1
https://launchpad.net/ubuntu/+source/chkrootkit/0.49-3ubuntu0.1
--dsImvD5CHut3ewVkXC75KGJqX8EDLJQUp
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCgAGBQJTjy59AAoJEGVp2FWnRL6TvfYP/3E+GrNSFhus9Rtk/VKq4uXZ
DOm5hy+PisIMnsJFQHTBHarmW42v5rg6jRB5TCO3DaQvCsGjYwsGKaBa0K3VG302
A47Z1xoPcGgff5lKcjPM2Y0IJsEYwkX1Bq0LDvQpxIsbZG+lK1FbDEUO1Kpg2Jl2
7WdEts8Yr+/nLDczKN3qP+/pNBmhCu5a3sGfuAlWvS5UIhVPrfMkhzZTNXgOOcBp
za5J4+GP0BWWyCOXReuAeErQoIlDhqUg+ny8+oO0AwMRH4OLoumE+mvtjU4hMzMp
652bLfaQ0yq82B9GmqFlKLv74TcAlYO1V1KLMrrFON0yI7y1StNy6G8tLqUDu78t
j8al7KQ1Bwedf4oOwfIrplhnA99z/oeX3D5/6RtlhQ6F3JqPsnbx+nElHWlcHsRT
c/pOUQ6yO8N4egjBV9/5yE1tw5UjTRSqbP7auggVb3kDvDqCxyRb7EXRS97kpOGZ
3Bhn8pW0mCmeZ9UkkNIidj+6Jarc3mYcwcupJZRlbRw8Qg4iogPUSS+3TvRYEfYl
orSYqk3RdHfzRARLRsnJhiDSHHYfzGfK55XixAacm+UqdYnu48XNZilki+WG8YqY
8jJ3T8q0Pk5w066bVqvZoOw4JKNwMZCas2U1C4yrX+3Ri2EdD0ZG0L7Niu3n+VjG
kXaZe6mgZme0i9w7d98k
=Fhun
-----END PGP SIGNATURE-----
--dsImvD5CHut3ewVkXC75KGJqX8EDLJQUp--
--===============4206974309687640206==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============4206974309687640206==--
|
|
|
|
