Secunia Security Advisory - Ubuntu has issued updates for ntp-refclock / ntp-server / ntp-simple. These fix a vulnerability, which can cause ntpd to run with incorrect group permissions.
ef0d445978ca110173838431ba60d659a6bd9c9094acefc5aa881d4a8a398a4a
----------------------------------------------------------------------
Bist Du interessiert an einem neuen Job in IT-Sicherheit?
Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-
Sicherheit:
http://secunia.com/secunia_vacancies/
----------------------------------------------------------------------
TITLE:
Ubuntu update for ntp-refclock / ntp-server / ntp-simple
SECUNIA ADVISORY ID:
SA16647
VERIFY ADVISORY:
http://secunia.com/advisories/16647/
CRITICAL:
Not critical
IMPACT:
Privilege escalation
WHERE:
Local system
OPERATING SYSTEM:
Ubuntu Linux 4.10
http://secunia.com/product/4491/
DESCRIPTION:
Ubuntu has issued updates for ntp-refclock / ntp-server / ntp-simple.
These fix a vulnerability, which can cause ntpd to run with incorrect
group permissions.
For more information:
SA16602
SOLUTION:
Apply updated packages
-- Ubuntu 4.10 (Warty Warthog) --
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a-10ubuntu2.1.diff.gz
Size/MD5: 234593 97c1bebfcae647a962f162363c7ed022
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a-10ubuntu2.1.dsc
Size/MD5: 798 f63546aed9aa010e3dd0b0874d687aa4
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a.orig.tar.gz
Size/MD5: 2246283 730f143d7b0d85200caf77cbb4864dc4
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-doc_4.2.0a-10ubuntu2.1_all.deb
Size/MD5: 873462 16ce9b812dbe0b38f4d8fb01153d1f92
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/universe/n/ntp/ntp-refclock_4.2.0a-10ubuntu2.1_amd64.deb
Size/MD5: 213814 eeef43514349c68674cae6bfaf6b3cd7
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-server_4.2.0a-10ubuntu2.1_amd64.deb
Size/MD5: 31306 fe323fa75ac6db329d85507aa4cea6c6
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-simple_4.2.0a-10ubuntu2.1_amd64.deb
Size/MD5: 128998 b500b8fa871f005a32185bc2bce38cbf
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a-10ubuntu2.1_amd64.deb
Size/MD5: 254940 c5e907a96d3ff23e3d722ed95378c696
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.0a-10ubuntu2.1_amd64.deb
Size/MD5: 43472 847b93764a179a79eb2f36d6cb9e9cf5
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/universe/n/ntp/ntp-refclock_4.2.0a-10ubuntu2.1_i386.deb
Size/MD5: 192816 e45ee4c94a3baa30aaaa85e40d813311
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-server_4.2.0a-10ubuntu2.1_i386.deb
Size/MD5: 30438 05ee202944ccf62bf46df35afbc47b09
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-simple_4.2.0a-10ubuntu2.1_i386.deb
Size/MD5: 116122 f6ed8189745dfa4261d416b07ca23486
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a-10ubuntu2.1_i386.deb
Size/MD5: 243778 c5958083e247ccbf94377c9931b134ea
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.0a-10ubuntu2.1_i386.deb
Size/MD5: 40328 a98918a90262ecbb81b908278c97eabe
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/universe/n/ntp/ntp-refclock_4.2.0a-10ubuntu2.1_powerpc.deb
Size/MD5: 212772 7d81e4de659be6d86ee088db9b738bfa
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-server_4.2.0a-10ubuntu2.1_powerpc.deb
Size/MD5: 31152 0455fc6928040ef536fb0cd589ab8b8b
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp-simple_4.2.0a-10ubuntu2.1_powerpc.deb
Size/MD5: 128824 5c7ba8451fd85393f97994b9ab0aee0f
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntp_4.2.0a-10ubuntu2.1_powerpc.deb
Size/MD5: 256310 86c56a61d3c882d1d909773ef838bc09
http://security.ubuntu.com/ubuntu/pool/main/n/ntp/ntpdate_4.2.0a-10ubuntu2.1_powerpc.deb
Size/MD5: 43090 de414d466407f150b207ed4788e5fe3e
ORIGINAL ADVISORY:
http://www.ubuntulinux.org/usn/usn-175-1
OTHER REFERENCES:
SA16602:
http://secunia.com/advisories/16602/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------