You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa chkrootkit

Sigurnosni nedostatak programskog paketa chkrootkit

by ncert - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-2230-1
June 04, 2014

chkrootkit vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS
– Ubuntu 13.10
– Ubuntu 12.04 LTS
– Ubuntu 10.04 LTS

Summary:

chkrootkit could be made to run programs as an administrator.

Software Description:
– chkrootkit: rootkit detector

Details:

Thomas Stangner discovered that chkrootkit incorrectly quoted certain
values. A local attacker could use this issue to execute arbitrary code
when chkrootkit is run and gain root privileges.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
chkrootkit 0.49-4.1ubuntu1.14.04.1

Ubuntu 13.10:
chkrootkit 0.49-4.1ubuntu1.13.10.1

Ubuntu 12.04 LTS:
chkrootkit 0.49-4ubuntu1.1

Ubuntu 10.04 LTS:
chkrootkit 0.49-3ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2230-1
CVE-2014-0476

Package Information:
https://launchpad.net/ubuntu/+source/chkrootkit/0.49-4.1ubuntu1.14.04.1
https://launchpad.net/ubuntu/+source/chkrootkit/0.49-4.1ubuntu1.13.10.1
https://launchpad.net/ubuntu/+source/chkrootkit/0.49-4ubuntu1.1
https://launchpad.net/ubuntu/+source/chkrootkit/0.49-3ubuntu0.1

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird – http://www.enigmail.net/

iQIcBAEBCgAGBQJTjy59AAoJEGVp2FWnRL6TvfYP/3E+GrNSFhus9Rtk/VKq4uXZ
DOm5hy+PisIMnsJFQHTBHarmW42v5rg6jRB5TCO3DaQvCsGjYwsGKaBa0K3VG302
A47Z1xoPcGgff5lKcjPM2Y0IJsEYwkX1Bq0LDvQpxIsbZG+lK1FbDEUO1Kpg2Jl2
7WdEts8Yr+/nLDczKN3qP+/pNBmhCu5a3sGfuAlWvS5UIhVPrfMkhzZTNXgOOcBp
za5J4+GP0BWWyCOXReuAeErQoIlDhqUg+ny8+oO0AwMRH4OLoumE+mvtjU4hMzMp
652bLfaQ0yq82B9GmqFlKLv74TcAlYO1V1KLMrrFON0yI7y1StNy6G8tLqUDu78t
j8al7KQ1Bwedf4oOwfIrplhnA99z/oeX3D5/6RtlhQ6F3JqPsnbx+nElHWlcHsRT
c/pOUQ6yO8N4egjBV9/5yE1tw5UjTRSqbP7auggVb3kDvDqCxyRb7EXRS97kpOGZ
3Bhn8pW0mCmeZ9UkkNIidj+6Jarc3mYcwcupJZRlbRw8Qg4iogPUSS+3TvRYEfYl
orSYqk3RdHfzRARLRsnJhiDSHHYfzGfK55XixAacm+UqdYnu48XNZilki+WG8YqY
8jJ3T8q0Pk5w066bVqvZoOw4JKNwMZCas2U1C4yrX+3Ri2EdD0ZG0L7Niu3n+VjG
kXaZe6mgZme0i9w7d98k
=Fhun
—–END PGP SIGNATURE—–

AutorMarijo Plepelic
Cert idNCERT-REF-2014-06-0012-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
ncert
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa sendmail

Otkriven je sigurnosni nedostatak u programskom paketu sendmail. Otkriveni nedostatak potencijalnim napadačima omogućuje utjecaj na otvorenu SMTP konekciju. Svim korisnicima...

Close