TITLE:
Ubuntu update for tcp-wrappers

SECUNIA ADVISORY ID:
SA26567

VERIFY ADVISORY:
http://secunia.com/advisories/26567/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass

WHERE:
From remote

OPERATING SYSTEM:
Ubuntu Linux 7.04
http://secunia.com/product/14068/

DESCRIPTION:
Ubuntu has acknowledged a vulnerability in tcp-wrappers, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused by an error within the "daemon_or_port_match()" function in host_access.c when handling connections to services that have no server socket details specified in the hosts.deny file. This can be exploited to connect to services from locations which were intended to be blocked.

SOLUTION:
Apply updated packages.

PROVIDED AND/OR DISCOVERED BY:
Reported by Jamin W. Collins in the Debian libwrap package and Maxime Ritter in the Ubuntu tcp-wrappers package.

ORIGINAL ADVISORY:
http://www.ubuntu.com/usn/usn-507-1

OTHER REFERENCES:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405342