USN-670-1: VMBuilder vulnerability
Posted on: 11/14/2008 04:20 AM

A new VMBuilder vulnerability update is available for Ubuntu Linux. Here the announcement:

Ubuntu Security Notice USN-670-1 November 13, 2008
vm-builder vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
passwd 1:4.0.13-7ubuntu3.3

Ubuntu 7.10:
passwd 1:

Ubuntu 8.04 LTS:
passwd 1:

Ubuntu 8.10:
passwd 1:4.1.1-1ubuntu1.1
python-vm-builder 0.9-0ubuntu3.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Mathias Gug discovered that vm-builder improperly set the root
password when creating virtual machines. An attacker could exploit
this to gain root privileges to the virtual machine by using a
predictable password.

This vulnerability only affects virtual machines created with
vm-builder under Ubuntu 8.10, and does not affect native Ubuntu
installations. An update was made to the shadow package to detect
vulnerable systems and disable password authentication for the
root account. Vulnerable virtual machines which an attacker has
access to should be considered compromised, and appropriate actions
taken to secure the machine.

Updated packages for Ubuntu 6.06 LTS:

Source archives:
Size/MD5: 206560 86db587aab7fb6add48a269dae827c10
Size/MD5: 893 2f8d9ed7b6ce8a5d857b009b1550fd68
Size/MD5: 1622557 034fab52e187e63cb52f153bb7f304c8

amd64 architecture (Athlon64, Opteron, EM64T Xeon):
Size/MD5: 249562 da2146d8b42163d6ed8c6c801e2d208c
Size/MD5: 683736 51948263e9c625e7f081ca4ab6523dce

i386 architecture (x86 compatible Intel/AMD):
Size/MD5: 241068 610cef355f91fea932a546726232b7f6
Size/MD5: 616726 cabec9273cef1392ca453d4b1af51eec

powerpc architecture (Apple Macintosh G3/G4/G5):
Size/MD5: 251446 1f6ca96db573d0cde9345050b10bb758
Size/MD5: 665312 e36712a8439d97f3a0448779642b1113

sparc architecture (Sun SPARC/UltraSPARC):
Size/MD5: 240030 da5bb560151677024cab1cb9af326a93
Size/MD5: 620364 c22e9d1bc09fe4e7f1370d451472caac

Updated packages for Ubuntu 7.10:

Source archives:
Size/MD5: 148053 2153b473369cbe69b09b6e954003166d
Size/MD5: 1077 407685adb0036e81018a56d54cd6ddfe
Size/MD5: 2354234 3f54eaa3a35e7c559f4def92e9957581

amd64 architecture (Athlon64, Opteron, EM64T Xeon):
Size/MD5: 327376 5f0e0a0c6fbaa7af3a2b246828576e70
Size/MD5: 795820 0f8ccb35fcc51086a35db0a5f2686300

i386 architecture (x86 compatible Intel/AMD):
Size/MD5: 320252 fbebb0aa037d50148d35332715fb211d
Size/MD5: 716042 457210a055cffd9a1855532422581d4a

lpia architecture (Low Power Intel Architecture):
Size/MD5: 317094 ae6795e8423e200ef60e96f83a47ab96
Size/MD5: 709672 573ad8c4f67fb7dea720e826854ead8e

powerpc architecture (Apple Macintosh G3/G4/G5):
Size/MD5: 328422 84c3e42d3b2c5bbb8a1f75ed966b42b8
Size/MD5: 874966 954d6b7b5c3735626ea1385c3e1eddeb

sparc architecture (Sun SPARC/UltraSPARC):
Size/MD5: 322186 69efe5e3508518694e38030c61c603ef
Size/MD5: 725220 ae0c71e0d45b5bba0d952552a211da11

Updated packages for Ubuntu 8.04 LTS:

Source archives:
Size/MD5: 91711 8e4f421c8d27511aba9285744802b504
Size/MD5: 1160 1524873578db272d836a7d02ec1fa846
Size/MD5: 2501791 c3cf8814cc1323ecafd953b00efcba50

amd64 architecture (Athlon64, Opteron, EM64T Xeon):
Size/MD5: 261382 6f6235ea5b9ca5b152563bbf9d4cde4a
Size/MD5: 645332 186b8730483174ea75dafe425e1260a4

i386 architecture (x86 compatible Intel/AMD):
Size/MD5: 255198 005c58d0964b57dff146c09692c07798
Size/MD5: 566210 e524467fe37f0e791129190a0aca01ab

lpia architecture (Low Power Intel Architecture):
Size/MD5: 253736 5a2f5b96d939d18af22f4bfb1dda8558
Size/MD5: 565542 fe962454f56801493ec147c8e8c24f1d

powerpc architecture (Apple Macintosh G3/G4/G5):
Size/MD5: 262990 646a6389c912eedefad34c2a7f3625c0
Size/MD5: 716822 7fd10e7dd1d948eafca991e083eb19f1

sparc architecture (Sun SPARC/UltraSPARC):
Size/MD5: 257688 6f91c97f97703d9cfbe74e2c9d70fde0
Size/MD5: 576118 f4ba465d6b49c347a3cfd6583186aa85

Updated packages for Ubuntu 8.10:

Source archives:
Size/MD5: 77465 cb93d5a7b3e454e9a6e2508ba778a42f
Size/MD5: 1664 a898645ed7d684b8793458ba0b6cbbc5
Size/MD5: 2720267 ae893c18fdb0a89bc7991ba1098f1446
Size/MD5: 21565 04af0e267d97387cb809343e74373ad2
Size/MD5: 1206 8d5f90bea4044e7401af35ee7987e026
Size/MD5: 22349 c141e399df7860924c690559cddfc18f

Architecture independent packages:
Size/MD5: 3992 6fe97a955e0999193d09ac85baaed506
Size/MD5: 192600 32fcecc0265e4fe7dafc47a1870d7f60
Size/MD5: 1890 9430d7a9ae9ad3b1e62bf8ed1da75167

amd64 architecture (Athlon64, Opteron, EM64T Xeon):
Size/MD5: 308110 a80dad8155d7e72e0ea606da4b263208
Size/MD5: 884672 f0b852ce5c6a2f78ff42f4f1ac07098e

i386 architecture (x86 compatible Intel/AMD):
Size/MD5: 299874 84fa6487a6e963332758881ab1feef85
Size/MD5: 786620 b2c15eeed5df1678804c73db65d94aa0

lpia architecture (Low Power Intel Architecture):
Size/MD5: 299818 6e3f935ea4b4b367ebf551f726c6e465
Size/MD5: 785976 99a65c60e78cb0c18ff3fa411707941a

powerpc architecture (Apple Macintosh G3/G4/G5):
Size/MD5: 305722 37a40976e0a3a5d7c33a41f9856107c4
Size/MD5: 901254 5e8ae200712c3673049364c193487f44

sparc architecture (Sun SPARC/UltraSPARC):
Size/MD5: 303554 34d29aa7f443bea63afe57a483a899b2
Size/MD5: 813862 034459da1cf3046b5a6ea6a3323ceea8

Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

Version: GnuPG v1.4.9 (GNU/Linux)


Printed from Linux Compatible (