Ubuntu 721-1: fglrx-installer vulnerability

    Date17 Feb 2009
    CategoryUbuntu
    67
    Posted ByLinuxSecurity Advisories
    Marko Lindqvist discovered that the fglrx installer created an unsafeLD_LIBRARY_PATH on 64bit systems. If a user were tricked into downloadingspecially crafted libraries and running commands in the same directory,a remote attacker could execute arbitrary code with user privileges. [More...]
    ===========================================================
    Ubuntu Security Notice USN-721-1          February 17, 2009
    fglrx-installer vulnerability
    https://launchpad.net/bugs/323327
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 8.10
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 8.10:
      xorg-driver-fglrx               2:8.543-0ubuntu4.1
    
    After a standard system upgrade you need to restart your session to effect
    the necessary changes.
    
    Details follow:
    
    Marko Lindqvist discovered that the fglrx installer created an unsafe
    LD_LIBRARY_PATH on 64bit systems.  If a user were tricked into downloading
    specially crafted libraries and running commands in the same directory,
    a remote attacker could execute arbitrary code with user privileges.
    
    
    Updated packages for Ubuntu 8.10:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/restricted/f/fglrx-installer/fglrx-installer_8.543-0ubuntu4.1.diff.gz
          Size/MD5:    26000 8fd05a4ab9e9f04c59ed5b731bcacd8b
        http://security.ubuntu.com/ubuntu/pool/restricted/f/fglrx-installer/fglrx-installer_8.543-0ubuntu4.1.dsc
          Size/MD5:     1443 e7dee56d6c645ff3bce0c3093af205e3
        http://security.ubuntu.com/ubuntu/pool/restricted/f/fglrx-installer/fglrx-installer_8.543.orig.tar.gz
          Size/MD5: 47046692 6abc8e86f1a00168ba8f43d58f71cb69
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/f/fglrx-installer/fglrx-modaliases_8.543-0ubuntu4.1_amd64.deb
          Size/MD5:    10938 8f0014e73c06b1fd0e586359067641c7
        http://security.ubuntu.com/ubuntu/pool/multiverse/f/fglrx-installer/libamdxvba1_8.543-0ubuntu4.1_amd64.deb
          Size/MD5:   846038 8982e97324d57a3db0072123d2406a56
        http://security.ubuntu.com/ubuntu/pool/restricted/f/fglrx-installer/fglrx-amdcccle_8.543-0ubuntu4.1_amd64.deb
          Size/MD5:  6630112 72d48d2e40f3bb63b7ad9b66367d5dca
        http://security.ubuntu.com/ubuntu/pool/restricted/f/fglrx-installer/fglrx-kernel-source_8.543-0ubuntu4.1_amd64.deb
          Size/MD5:  1430276 cd88c1a040f050472b82406308e28ec5
        http://security.ubuntu.com/ubuntu/pool/restricted/f/fglrx-installer/xorg-driver-fglrx-dev_8.543-0ubuntu4.1_amd64.deb
          Size/MD5:    83402 8b2fc26c7f1e2417613e543428d5b21f
        http://security.ubuntu.com/ubuntu/pool/restricted/f/fglrx-installer/xorg-driver-fglrx_8.543-0ubuntu4.1_amd64.deb
          Size/MD5: 17264298 e26cff93ff7eb4cddede61ea41b81aee
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/f/fglrx-installer/fglrx-modaliases_8.543-0ubuntu4.1_i386.deb
          Size/MD5:    10938 2fc0c5d1a8c799df60ee474b10e57e0a
        http://security.ubuntu.com/ubuntu/pool/multiverse/f/fglrx-installer/libamdxvba1_8.543-0ubuntu4.1_i386.deb
          Size/MD5:   412474 c23a19c9e238b0cc8986b98910c0da9d
        http://security.ubuntu.com/ubuntu/pool/restricted/f/fglrx-installer/fglrx-amdcccle_8.543-0ubuntu4.1_i386.deb
          Size/MD5:  6749062 80263acaf045f9a196d8a2486dc42969
        http://security.ubuntu.com/ubuntu/pool/restricted/f/fglrx-installer/fglrx-kernel-source_8.543-0ubuntu4.1_i386.deb
          Size/MD5:  1368946 18257688f659b91d95746e1b509edc5d
        http://security.ubuntu.com/ubuntu/pool/restricted/f/fglrx-installer/xorg-driver-fglrx-dev_8.543-0ubuntu4.1_i386.deb
          Size/MD5:    78658 537cc59d4b86274114f0eeb5febdf283
        http://security.ubuntu.com/ubuntu/pool/restricted/f/fglrx-installer/xorg-driver-fglrx_8.543-0ubuntu4.1_i386.deb
          Size/MD5: 11915472 d392662d6ecefae8992c12c0356b63fa
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"23","type":"x","order":"1","pct":53.49,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":11.63,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"15","type":"x","order":"3","pct":34.88,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.