Ubuntu: tcp-wrappers vulnerability

    Date29 Aug 2007
    CategoryUbuntu
    6559
    Posted ByLinuxSecurity Advisories
    It was discovered that the TCP wrapper library was incorrectly allowing connections to services that did not specify server-side connection details. Remote attackers could connect to services that had been configured to block such connections. This only affected Ubuntu Feisty.
    =========================================================== 
    Ubuntu Security Notice USN-507-1            August 30, 2007
    tcp-wrappers vulnerability
    https://launchpad.net/bugs/135332
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 7.04
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 7.04:
      libwrap0                        7.6.dbs-11ubuntu0.1
    
    In general, a standard system upgrade is sufficient to effect the
    necessary changes.
    
    Details follow:
    
    It was discovered that the TCP wrapper library was incorrectly allowing
    connections to services that did not specify server-side connection
    details.  Remote attackers could connect to services that had been
    configured to block such connections.  This only affected Ubuntu Feisty.
    
    
    Updated packages for Ubuntu 7.04:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/tcp-wrappers_7.6.dbs-11ubuntu0.1.diff.gz
          Size/MD5:    51563 a66ffe0947add0d626dc9d813298c931
        http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/tcp-wrappers_7.6.dbs-11ubuntu0.1.dsc
          Size/MD5:      784 4430f26d95e93408a174206b2da912d2
        http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/tcp-wrappers_7.6.dbs.orig.tar.gz
          Size/MD5:    99548 3a8f32fa7a030d84c7260578ffb46c29
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/libwrap0-dev_7.6.dbs-11ubuntu0.1_amd64.deb
          Size/MD5:    37234 297a97e32256bfd222a08b7a249fca50
        http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/libwrap0_7.6.dbs-11ubuntu0.1_amd64.deb
          Size/MD5:    30876 81ab1ff3bc887cba421857b92599f064
        http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/tcpd_7.6.dbs-11ubuntu0.1_amd64.deb
          Size/MD5:    80144 c502d7ca97203abef9d8468ae14a2751
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/libwrap0-dev_7.6.dbs-11ubuntu0.1_i386.deb
          Size/MD5:    34432 64f1a0e9d0dc0dd2eae5af32d35e8a2b
        http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/libwrap0_7.6.dbs-11ubuntu0.1_i386.deb
          Size/MD5:    29374 31f7af2847ae763f268c0f3a4c683335
        http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/tcpd_7.6.dbs-11ubuntu0.1_i386.deb
          Size/MD5:    78086 8ee708787754927c56bed98631cc739c
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/libwrap0-dev_7.6.dbs-11ubuntu0.1_powerpc.deb
          Size/MD5:    37028 62d8517de1af829ebd5baf0cc39d2cbb
        http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/libwrap0_7.6.dbs-11ubuntu0.1_powerpc.deb
          Size/MD5:    32804 0cc1db9a4c4f5577a99e887d8094c86a
        http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/tcpd_7.6.dbs-11ubuntu0.1_powerpc.deb
          Size/MD5:    87362 54d419fa50c66cad5c04ad2ca3ed4163
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/libwrap0-dev_7.6.dbs-11ubuntu0.1_sparc.deb
          Size/MD5:    35094 e400ccb9a4c8f78c1e451d5a3602958f
        http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/libwrap0_7.6.dbs-11ubuntu0.1_sparc.deb
          Size/MD5:    28856 abe647adb76cba044f17786e028da758
        http://security.ubuntu.com/ubuntu/pool/main/t/tcp-wrappers/tcpd_7.6.dbs-11ubuntu0.1_sparc.deb
          Size/MD5:    79062 e6e97f4e4e585dfaef10f08a1608952b
    
    
    --r5lq+205vWdkqwtk
    Content-Type: application/pgp-signature; name="signature.asc"
    Content-Description: Digital signature
    Content-Disposition: inline
    
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.6 (GNU/Linux)
    
    iD8DBQFG1gmyH/9LqRcGPm0RAmoSAKCLE8+tlh75Kdc+pTsfdtN/7tiZMACeNZOi
    6kLjlajPULvH6ymFRm846g4=RZvk
    -----END PGP SIGNATURE-----
    
    --r5lq+205vWdkqwtk--
    
    
    --==============$93301513909770005=Content-Type: text/plain; charset="us-ascii"
    MIME-Version: 1.0
    Content-Transfer-Encoding: 7bit
    Content-Disposition: inline
    
    --
    ubuntu-security-announce mailing list
    This email address is being protected from spambots. You need JavaScript enabled to view it.
    Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
    
    --==============$93301513909770005==--
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"23","type":"x","order":"1","pct":56.1,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":12.2,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"13","type":"x","order":"3","pct":31.71,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    Advisories

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.