drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in dash
Name: |
Ausführen beliebiger Kommandos in dash |
|
ID: |
USN-732-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 8.04 LTS, Ubuntu 8.10 |
|
Datum: |
Mi, 11. März 2009, 21:03 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0854 |
|
Applikationen: |
Debian Almquist Shell |
|
Originalnachricht |
--===============7738638730351508011== Content-Type: multipart/signed; micalg="pgp-sha1"; protocol="application/pgp-signature"; boundary="=-UJW/IxyRJzuGmm9cjozh"
--=-UJW/IxyRJzuGmm9cjozh Content-Type: text/plain Content-Transfer-Encoding: quoted-printable
Ubuntu Security Notice USN-732-1 March 10, 2009========================================================== dash vulnerability CVE-2009-0854 ========================================================== A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS Ubuntu 8.10
This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 8.04 LTS: dash 0.5.4-8ubuntu1.1
Ubuntu 8.10: dash 0.5.4-9ubuntu1.1
In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
Wolfgang M. Reimer discovered that dash, when invoked as a login shell, wou= ld source .profile files from the current directory. Local users may be able t= o bypass security restrictions and gain root privileges by placing specially crafted .profile files where they might get sourced by other dash users.
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/d/dash/dash_0.5.4-8ubuntu1.= 1.diff.gz Size/MD5: 171656 5f74e0a922546193a9e6279ad8680c76 http://security.ubuntu.com/ubuntu/pool/main/d/dash/dash_0.5.4-8ubuntu1.= 1.dsc Size/MD5: 697 e78236937fea17c0c7a43427321b1ce6 http://security.ubuntu.com/ubuntu/pool/main/d/dash/dash_0.5.4.orig.tar.= gz Size/MD5: 212145 bc457e490a589d2f87f2333616b67931
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/d/dash/ash_0.5.4-8ubunt= u1.1_all.deb Size/MD5: 22068 82557822348627c1b240069e431886e2
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/d/dash/dash_0.5.4-8ubuntu1.= 1_amd64.deb Size/MD5: 96918 b8d43124e5353042c7fd93fcc5c19cc9
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/d/dash/dash_0.5.4-8ubuntu1.= 1_i386.deb Size/MD5: 87952 6bc4578aea92450f8e00625fd7a7755a
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/d/dash/dash_0.5.4-8ubuntu1.1_lpia.deb Size/MD5: 88194 a90de1a5dedb9cbaeb65537e8e933356
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/d/dash/dash_0.5.4-8ubuntu1.1_powerpc.= deb Size/MD5: 97400 5e2187820648d980b4edaa4e4a71b6c5
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/d/dash/dash_0.5.4-8ubuntu1.1_sparc.de= b Size/MD5: 91072 dc5e22376445e185eacdaa049421c866
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/d/dash/dash_0.5.4-9ubuntu1.= 1.diff.gz Size/MD5: 129759 b5363e9ff9550e89dec4be8ddc408607 http://security.ubuntu.com/ubuntu/pool/main/d/dash/dash_0.5.4-9ubuntu1.= 1.dsc Size/MD5: 1083 dc87a11f64c53960ffb1f55dc42a253f http://security.ubuntu.com/ubuntu/pool/main/d/dash/dash_0.5.4.orig.tar.= gz Size/MD5: 212145 bc457e490a589d2f87f2333616b67931
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/universe/d/dash/ash_0.5.4-9ubunt= u1.1_all.deb Size/MD5: 22286 9a34d34a67d46b8fa42584a2a7d61f76
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/d/dash/dash_0.5.4-9ubuntu1.= 1_amd64.deb Size/MD5: 99406 8703819fce4bc25f65caa350de05763c
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/d/dash/dash_0.5.4-9ubuntu1.= 1_i386.deb Size/MD5: 90266 9d8931f5ef08f4d649127db0ab644f8e
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/d/dash/dash_0.5.4-9ubuntu1.1_lpia.deb Size/MD5: 90322 a0db897e7a7c5a7706d71674bad025ee
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/d/dash/dash_0.5.4-9ubuntu1.1_powerpc.= deb Size/MD5: 99500 a583f4a7fc59a7495cb3615c4af54b05
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/d/dash/dash_0.5.4-9ubuntu1.1_sparc.de= b Size/MD5: 93030 1bd3a8c0907e56cb2ed17c572e61842b
--=-UJW/IxyRJzuGmm9cjozh Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)
iEYEABECAAYFAkm2m1gACgkQLMAs/0C4zNqpSgCeLpcCwv2HxQbBl47MmmbGyyJn FHIAnAqxJRRcam0OyXgwgOY+WuUpfvld =cZeU -----END PGP SIGNATURE-----
--=-UJW/IxyRJzuGmm9cjozh--
--===============7738638730351508011== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============7738638730351508011==--
|
|
|
|