Objavljena je revizija sigurnosnog upozorenja s oznakom USN-1138-1 vezanog uz propuste u paketima network-manager i modemmanger. Zlonamjerni korisnici ranjivost iz izvornog upozorenja mogu iskoristiti za zaobilaženje postavljenih sigurnosnih ograničenja i pokretanje napada uskraćivanja usluge.
Paket:
modemmanager 0.x, network-manager 0.x
Operacijski sustavi:
Ubuntu Linux 8.04, Ubuntu Linux 10.04
Problem:
pogreška u programskoj komponenti
Iskorištavanje:
lokalno
Posljedica:
dobivanje većih privilegija, uskraćivanje usluga (DoS)
Rješenje:
programska zakrpa proizvođača
Izvorni ID preporuke:
USN-1138-2
Izvor:
Ubuntu
Problem:
Do propusta dolazi zbog pogreške u radu paketa DBus-GLib. Revizija je izdana radi objave zakrpa za pakete network-manager i modemmanger.
Posljedica:
Potencijalni napadači mogu iskoristiti propust za zaobilaženje postavljenih ograničenja te pokretanje DoS (eng. Denial of Service) napada.
Rješenje:
Savjetuje se primjena izdane programske nadogradnje.
==========================================================================
Ubuntu Security Notice USN-1138-2
May 27, 2011
network-manager, modemmanger update
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS
Summary:
An attacker could send crafted input to NetworkManager and ModemManager
and cause them to crash.
Software Description:
- modemmanager: Modem connection manager
- network-manager: Network connection manager
Details:
USN-1138-1 fixed a vulnerability in DBus-GLib. NetworkManager and
ModemManager required rebuilding against the updated DBus-GLib to
incorporate the changes.
Original advisory details:
It was discovered that DBus-GLib did not properly verify the access flag of
exported GObject properties under certain circumstances. A local attacker
could exploit this to bypass intended access restrictions or possibly
cause a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 10.04 LTS:
libnm-glib2 0.8-0ubuntu3.2
modemmanager 0.3-0ubuntu2.2
Ubuntu 8.04 LTS:
libnm-glib0 0.6.6-0ubuntu5.8.04.3
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
https://launchpad.net/bugs/616517
Package Information:
https://launchpad.net/ubuntu/+source/modemmanager/0.3-0ubuntu2.2
https://launchpad.net/ubuntu/+source/network-manager/0.8-0ubuntu3.2
https://launchpad.net/ubuntu/+source/network-manager/0.6.6-0ubuntu5.8.04.3
Posljednje sigurnosne preporuke