USN-670-1: VMBuilder vulnerability

11-13-2008

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

USN-670-1: VMBuilder vulnerability

Description:
===========================================================Ubuntu Security Notice USN-670-1 November 13, 2008vm-builder vulnerabilityhttps://bugs.launchpad.net/+bug/296841===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 7.10Ubuntu 8.04 LTSUbuntu 8.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: passwd 1:4.0.13-7ubuntu3.3Ubuntu 7.10: passwd 1:4.0.18.1-9ubuntu0.1Ubuntu 8.04 LTS: passwd 1:4.0.18.2-1ubuntu2.1Ubuntu 8.10: passwd 1:4.1.1-1ubuntu1.1 python-vm-builder 0.9-0ubuntu3.1In general, a standard system upgrade is sufficient to effect thenecessary changes.Details follow:Mathias Gug discovered that vm-builder improperly set the rootpassword when creating virtual machines. An attacker could exploitthis to gain root privileges to the virtual machine by using apredictable password.This vulnerability only affects virtual machines created withvm-builder under Ubuntu 8.10, and does not affect native Ubuntuinstallations. An update was made to the shadow package to detectvulnerable systems and disable password authentication for theroot account. Vulnerable virtual machines which an attacker hasaccess to should be considered compromised, and appropriate actionstaken to secure the machine.

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

byobu-janitor(1) byobu byobu-janitor(1) NAME
byobu-janitor - script for cleaning and upgrading environment after upgrades SYNOPSIS
byobu-janitor DESCRIPTION
byobu-janitor is script for cleaning environment after upgrades, it consists from several tasks where aim is to ensure that environment is ready for new version of byobu. BUGS
None found, yet. SEE ALSO
screen(1), byobu-config(1), byobu-export(1), byobu-status(1), byobu-status-detail(1) http://launchpad.net/byobu AUTHOR
This manpage was written by Jan Klepek <jan.klepek at gmail.com> and the utility was written by Dustin Kirkland <kirkland@ubuntu.com> for Ubuntu systems (but may be used by others). Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 3 published by the Free Software Foundation. The complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL on Debian/Ubuntu systems, or in /usr/share/doc/fedora-release-*/GPL on Fedora systems, or on the web at http://www.gnu.org/licenses/gpl.txt. byobu 6 January 2011 byobu-janitor(1)

Security Advisories (RSS)

USN-670-1: VMBuilder vulnerability

LEARN ABOUT LINUX

byobu-janitor