[Message Precedent sur la mailing][Message Suivant sur la mailing][Precedent dans le fil][Prochain dans le fil][Index par Date][Index par fil] [SA32566] Ubuntu update for system-tools-backends


Do you need accurate and reliable IDS / IPS / AV detection rules?

Get in-depth vulnerability details:
link://[click]





TITLE:
Ubuntu update for system-tools-backends



SECUNIA ADVISORY ID:
SA32566



VERIFY ADVISORY:
link://[click]



CRITICAL:
Not critical



IMPACT:
Brute force



WHERE:
From remote



OPERATING SYSTEM:
Ubuntu Linux 8.10
link://[click]



DESCRIPTION:
Ubuntu has issued an update for system-tools-backend. This fixes a
weakness, which can be exploited by malicious people to conduct brute
force attacks.



The weakness is caused due to the "Users and Groups" tool using 3DES
instead of MD5 when setting passwords for users. This may weaken the
security as passwords are limited to 8 characters.



SOLUTION:
Apply updated packages.



-- Ubuntu 8.10 --

Source archives:

link://[click]
Size/MD5: 11981 0a9e19e908466dca073aafdbca052e10
link://[click]
Size/MD5: 1585 cc8c71def106ad81fa59c45bae82790d
link://[click]
Size/MD5: 567711 913530493fa6cff6e797f4c888641d42

Architecture independent packages:

link://[click]
Size/MD5: 14022 b1ba12e53953c0ee1449a8605232fabb

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

link://[click]
Size/MD5: 113012 89e50d2b48202e6e5b4c2da8b06dff1c

i386 architecture (x86 compatible Intel/AMD):

link://[click]
Size/MD5: 111786 f4f2c2a8808320cde6b1ee8105550dec

lpia architecture (Low Power Intel Architecture):

link://[click]
Size/MD5: 111740 23882632c5460e7afbc3e04c6782c8dc

powerpc architecture (Apple Macintosh G3/G4/G5):

link://[click]
Size/MD5: 114390 1fcb07972e510878a1cb8668efb26f5b

sparc architecture (Sun SPARC/UltraSPARC):

link://[click]
Size/MD5: 112456 6e27917fa2fa9371f518e9f04cc34c6d

PROVIDED AND/OR DISCOVERED BY:
Reported in a bug by Ivan Zorin.





ORIGINAL ADVISORY:
USN-663-1:
link://[click]





About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.



Subscribe:
link://[click]



Definitions: (Criticality, Where etc.)
link://[click]




Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.


Secunia NEVER sends attached files with advisories.


Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Precedent par Date: [SA32567] Adobe ColdFusion Sandbox Security Bypass Vulnerability
Suivant par Date: [SA32518] Fedora update for ktorrent
Precedent par fil : [SA32567] Adobe ColdFusion Sandbox Security Bypass Vulnerability
Suivant par fil : [SA32518] Fedora update for ktorrent
Index(s):
- Date
- Fil

Archives de la liste de diffusion Secunia
Archives de la liste de diffusion Full Disclosure

SecuToolBox :

Bluetooth Stack Smasher v0.6 / Bluetooth Stack Smasher v0.8 / Slides Bluetooth Eurosec 2006 / Exposé vidéo Windows Shellcode - Kostya Kortchinsky / Exposé audio Reverse Engineering - Nicolas Brulez / Exposé vidéo Securitech - Pierre Betouin / Secure WIFI WPA + EAP-TLS + Freeradius / Audit Windows / Captive Password Windows / USBDumper / USBDumper 2 / Hacking Hardware / WishMaster backdoor / DNS Auditing Tool / Ettercap SSL MITM / Exploit vulnérabilités Windows / Memory Dumper Kernel Hardening / Reverse Engineering / Scapy / SecUbuLIVE CD / Metasploit / eEye Blink Sec Center / eEye Retina Scanner + d'outils / + de tutoriels

Mini-Tagwall des articles publiés sur SecuObs :

sécurité, exploit, windows, attaque, outil, microsoft, réseau, audit, metasploit, vulnérabilité, système, virus, internet, usbsploit, données, source, linux, protocol, présentation, scanne, réseaux, scanner, bluetooth, conférence, reverse, shell, meterpreter, vista, rootkit, détection, mobile, security, malicieux, engineering, téléphone, paquet, trames, https, noyau, utilisant, intel, wishmaster, google, sysun, libre + de mots clés avec l'annuaire des articles publiés sur SecuObs

Mini-Tagwall de l'annuaire video :

curit, security, biomet, metasploit, biometric, cking, password, windows, botnet, defcon, tutorial, crypt, xploit, exploit, lockpicking, linux, attack, wireshark, vmware, rootkit, conference, network, shmoocon, backtrack, virus, conficker, elcom, etter, elcomsoft, server, meterpreter, openvpn, ettercap, openbs, iphone, shell, openbsd, iptables, securitytube, deepsec, source, office, systm, openssh, radio + de mots clés avec l'annuaire des videos

Mini-Tagwall des articles de la revue de presse :

security, microsoft, windows, hacker, attack, network, vulnerability, google, exploit, malware, internet, remote, iphone, server, inject, patch, apple, twitter, mobile, virus, ebook, facebook, vulnérabilité, crypt, source, linux, password, intel, research, virtual, phish, access, tutorial, trojan, social, privacy, firefox, adobe, overflow, office, cisco, conficker, botnet, pirate, sécurité + de mots clés avec l'annuaire de la revue de presse

Mini-Tagwall des Tweets de la revue Twitter :

security, linux, botnet, attack, metasploit, cisco, defcon, phish, exploit, google, inject, server, firewall, network, twitter, vmware, windows, microsoft, compliance, vulnerability, python, engineering, source, kernel, crypt, social, overflow, nessus, crack, hacker, virus, iphone, patch, virtual, javascript, malware, conficker, pentest, research, email, password, adobe, apache, proxy, backtrack + de mots clés avec l'annuaire de la revue Twitter