Ubuntu: LTSP vulnerability

    Date: 06 May 2008
    Category: Ubuntu
    Posted By: LinuxSecurity Advisories
    Christian Herzog discovered that it was possible to connect to any LTSP client's X session over the network. A remote attacker could eavesdrop on X events, read window contents, and record keystrokes, possibly gaining access to private information.
    =========================================================== 
    Ubuntu Security Notice USN-610-1               May 06, 2008
    ltsp vulnerability
    CVE-2008-1293
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 6.06 LTS
    Ubuntu 7.04
    Ubuntu 7.10
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 6.06 LTS:
      ldm                             0.87.1
    
    Ubuntu 7.04:
      ldm                             5.0.7.1
    
    Ubuntu 7.10:
      ldm                             5.0.39.1
    
    After a standard system upgrade you need to update your LTSP client chroots
    to effect the necessary changes.  For more details, please see:
    http://doc.ubuntu.com/edubuntu/edubuntu/handbook/C/ltsp-updates.html#id531224
    
    Details follow:
    
    Christian Herzog discovered that it was possible to connect to any
    LTSP client's X session over the network.  A remote attacker could
    eavesdrop on X events, read window contents, and record keystrokes,
    possibly gaining access to private information.
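
The advisory's note that client chroots must be updated separately is the step most easily missed after a server upgrade. The script below is an added example, not part of the Ubuntu advisory: it reads each chroot's dpkg status file and compares the installed ldm version with the fixed versions listed above. It assumes the chroots live under /opt/ltsp (override with the hypothetical LTSP_BASE variable), and its version comparison is a dotted-numeric simplification of `dpkg --compare-versions`.

```sh
# Added example (not from the advisory): audit LTSP client chroots for a fixed ldm.
# Assumption: chroots live under /opt/ltsp/<arch>; set LTSP_BASE to override.
fixed_version() {   # Ubuntu release -> fixed ldm version listed in USN-610-1
  case "$1" in
    6.06) echo 0.87.1 ;; 7.04) echo 5.0.7.1 ;; 7.10) echo 5.0.39.1 ;;
    *) return 1 ;;
  esac
}

# Release of the system installed in a chroot, from its /etc/lsb-release.
release_of() { sed -n 's/^DISTRIB_RELEASE=//p' "$1/etc/lsb-release" 2>/dev/null; }

ldm_version_in() {  # installed ldm version, read from the chroot's dpkg status file
  awk 'BEGIN { RS = ""; FS = "\n" }
       { pkg = 0; ok = 0; ver = ""
         for (i = 1; i <= NF; i++) {
           if ($i == "Package: ldm") pkg = 1
           if ($i == "Status: install ok installed") ok = 1
           if (index($i, "Version: ") == 1) ver = substr($i, 10)
         }
         if (pkg && ok) { print ver; exit } }' "$1/var/lib/dpkg/status" 2>/dev/null
}

version_ge() {      # true if $1 >= $2; dotted-numeric only, a simplification of
  a=$1; b=$2        # `dpkg --compare-versions` (no epochs, no ~ suffixes)
  while [ -n "$a" ] || [ -n "$b" ]; do
    x=${a%%.*}; y=${b%%.*}
    if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
    if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
    x=${x%%[!0-9]*}; y=${y%%[!0-9]*}    # keep the leading digits of each component
    [ "${x:-0}" -gt "${y:-0}" ] && return 0
    [ "${x:-0}" -lt "${y:-0}" ] && return 1
  done
  return 0
}

audit_chroot() {    # prints a verdict; returns 0 patched, 1 vulnerable, 2 unknown
  want=$(fixed_version "$2") || { echo "unknown release '$2'"; return 2; }
  have=$(ldm_version_in "$1") || true
  [ -n "$have" ] || { echo "ldm not installed"; return 2; }
  if version_ge "$have" "$want"; then echo "patched ($have)"; return 0; fi
  echo "VULNERABLE ($have < $want)"; return 1
}

for root in "${LTSP_BASE:-/opt/ltsp}"/*; do
  [ -d "$root" ] || continue
  printf '%s: ' "$root"; audit_chroot "$root" "$(release_of "$root")" || true
done
```
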
    
    
    
    
    