Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: securityfocus.com > bugtraq > 07 > 080943.html (Request Expert securityfocus.com Support)

[USN-507-1] tcp-wrappers vulnerability

From: Kees Cook <kees(at)ubuntu.com>
Date: Wed Aug 29 2007 - 20:05:07 EDT


Ubuntu Security Notice USN-507-1 August 30, 2007 tcp-wrappers vulnerability
https://launchpad.net/bugs/135332

A security issue affects the following Ubuntu releases:

Ubuntu 7.04

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 7.04: 

  libwrap0                        7.6.dbs-11ubuntu0.1

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Do you need help?X

It was discovered that the TCP wrapper library was incorrectly allowing connections to services that did not specify server-side connection details. Remote attackers could connect to services that had been configured to block such connections. This only affected Ubuntu Feisty.

Updated packages for Ubuntu 7.04:

  Source archives: 

    
http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/tcp-wrappers_7.6.dbs-11ubuntu0.1.diff.gz
      Size/MD5:    51563 a66ffe0947add0d626dc9d813298c931
    
http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/tcp-wrappers_7.6.dbs-11ubuntu0.1.dsc
      Size/MD5:      784 4430f26d95e93408a174206b2da912d2
    
http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/tcp-wrappers_7.6.dbs.orig.tar.gz
      Size/MD5:    99548 3a8f32fa7a030d84c7260578ffb46c29

  amd64 architecture (Athlon64, Opteron, EM64T Xeon): 

    
http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/libwrap0-dev_7.6.dbs-11ubuntu0.1_amd64.deb
      Size/MD5:    37234 297a97e32256bfd222a08b7a249fca50
    
http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/libwrap0_7.6.dbs-11ubuntu0.1_amd64.deb
      Size/MD5:    30876 81ab1ff3bc887cba421857b92599f064
    
http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/tcpd_7.6.dbs-11ubuntu0.1_amd64.deb
      Size/MD5:    80144 c502d7ca97203abef9d8468ae14a2751

  i386 architecture (x86 compatible Intel/AMD): 

    
http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/libwrap0-dev_7.6.dbs-11ubuntu0.1_i386.deb
      Size/MD5:    34432 64f1a0e9d0dc0dd2eae5af32d35e8a2b
    
http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/libwrap0_7.6.dbs-11ubuntu0.1_i386.deb
      Size/MD5:    29374 31f7af2847ae763f268c0f3a4c683335
    
http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/tcpd_7.6.dbs-11ubuntu0.1_i386.deb
      Size/MD5:    78086 8ee708787754927c56bed98631cc739c

  powerpc architecture (Apple Macintosh G3/G4/G5): 

    
http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/libwrap0-dev_7.6.dbs-11ubuntu0.1_powerpc.deb
      Size/MD5:    37028 62d8517de1af829ebd5baf0cc39d2cbb
    
http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/libwrap0_7.6.dbs-11ubuntu0.1_powerpc.deb
      Size/MD5:    32804 0cc1db9a4c4f5577a99e887d8094c86a
    
http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/tcpd_7.6.dbs-11ubuntu0.1_powerpc.deb
      Size/MD5:    87362 54d419fa50c66cad5c04ad2ca3ed4163

  sparc architecture (Sun SPARC/UltraSPARC): 

    
http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/libwrap0-dev_7.6.dbs-11ubuntu0.1_sparc.deb
      Size/MD5:    35094 e400ccb9a4c8f78c1e451d5a3602958f
    
http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/libwrap0_7.6.dbs-11ubuntu0.1_sparc.deb
      Size/MD5:    28856 abe647adb76cba044f17786e028da758
    
http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/tcpd_7.6.dbs-11ubuntu0.1_sparc.deb
      Size/MD5:    79062 e6e97f4e4e585dfaef10f08a1608952b
Received on Thu Aug 30 11:09:58 2007

This archive was generated by hypermail 2.1.8 : Sun Oct 28 2007 - 06:13:55 EDT

Do you need more help?X
Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library