----------------------------------------------------------------------

Do you need accurate and reliable IDS / IPS / AV detection rules?

Get in-depth vulnerability details:
http://secunia.com/binary_analysis/sample_analysis/

----------------------------------------------------------------------

TITLE:
Ubuntu vm-builder Root Password Vulnerability

SECUNIA ADVISORY ID:
SA32697

VERIFY ADVISORY:
http://secunia.com/advisories/32697/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass

WHERE:
>From remote

OPERATING SYSTEM:
Ubuntu Linux 6.06
http://secunia.com/advisories/product/10611/
Ubuntu Linux 7.10
http://secunia.com/advisories/product/16251/
Ubuntu Linux 8.04
http://secunia.com/advisories/product/18611/
Ubuntu Linux 8.10
http://secunia.com/advisories/product/20299/

DESCRIPTION:
Ubuntu has acknowledged a vulnerability in vm-builder. This can be
exploited by malicious people to bypass certain security
restrictions.

The vulnerability is caused due to vm-builder setting an insecure
root password when building virtual machines. This can be exploited
to gain root access to a virtual machine created using vm-builder.

Note: Reportedly, this only affects virtual machines created using
vm-builder under Ubuntu 8.10. Native Ubuntu installations are not
affected.

SOLUTION:
The vendor has issued an update to the shadow package to identify
affected systems and disable root password authentication.

The vendor recommends that affected systems should be considered
compromised.

-- Ubuntu 6.06 LTS --

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/s/shadow/shadow_4.0.13-7ubuntu3.3.diff.gz
Size/MD5: 206560 86db587aab7fb6add48a269dae827c10
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/shadow_4.0.13-7ubuntu3.3.dsc
Size/MD5: 893 2f8d9ed7b6ce8a5d857b009b1550fd68
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/shadow_4.0.13.orig.tar.gz
Size/MD5: 1622557 034fab52e187e63cb52f153bb7f304c8

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/s/shadow/login_4.0.13-7ubuntu3.3_amd64.deb
Size/MD5: 249562 da2146d8b42163d6ed8c6c801e2d208c
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/passwd_4.0.13-7ubuntu3.3_amd64.deb
Size/MD5: 683736 51948263e9c625e7f081ca4ab6523dce

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/s/shadow/login_4.0.13-7ubuntu3.3_i386.deb
Size/MD5: 241068 610cef355f91fea932a546726232b7f6
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/passwd_4.0.13-7ubuntu3.3_i386.deb
Size/MD5: 616726 cabec9273cef1392ca453d4b1af51eec

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/s/shadow/login_4.0.13-7ubuntu3.3_powerpc.deb
Size/MD5: 251446 1f6ca96db573d0cde9345050b10bb758
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/passwd_4.0.13-7ubuntu3.3_powerpc.deb
Size/MD5: 665312 e36712a8439d97f3a0448779642b1113

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/s/shadow/login_4.0.13-7ubuntu3.3_sparc.deb
Size/MD5: 240030 da5bb560151677024cab1cb9af326a93
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/passwd_4.0.13-7ubuntu3.3_sparc.deb
Size/MD5: 620364 c22e9d1bc09fe4e7f1370d451472caac

-- Ubuntu 7.10 --

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/s/shadow/shadow_4.0.18.1-9ubuntu0.1.diff.gz
Size/MD5: 148053 2153b473369cbe69b09b6e954003166d
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/shadow_4.0.18.1-9ubuntu0.1.dsc
Size/MD5: 1077 407685adb0036e81018a56d54cd6ddfe
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/shadow_4.0.18.1.orig.tar.gz
Size/MD5: 2354234 3f54eaa3a35e7c559f4def92e9957581

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/s/shadow/login_4.0.18.1-9ubuntu0.1_amd64.deb
Size/MD5: 327376 5f0e0a0c6fbaa7af3a2b246828576e70
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/passwd_4.0.18.1-9ubuntu0.1_amd64.deb
Size/MD5: 795820 0f8ccb35fcc51086a35db0a5f2686300

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/s/shadow/login_4.0.18.1-9ubuntu0.1_i386.deb
Size/MD5: 320252 fbebb0aa037d50148d35332715fb211d
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/passwd_4.0.18.1-9ubuntu0.1_i386.deb
Size/MD5: 716042 457210a055cffd9a1855532422581d4a

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/s/shadow/login_4.0.18.1-9ubuntu0.1_lpia.deb
Size/MD5: 317094 ae6795e8423e200ef60e96f83a47ab96
http://ports.ubuntu.com/pool/main/s/shadow/passwd_4.0.18.1-9ubuntu0.1_lpia.deb
Size/MD5: 709672 573ad8c4f67fb7dea720e826854ead8e

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/s/shadow/login_4.0.18.1-9ubuntu0.1_powerpc.deb
Size/MD5: 328422 84c3e42d3b2c5bbb8a1f75ed966b42b8
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/passwd_4.0.18.1-9ubuntu0.1_powerpc.deb
Size/MD5: 874966 954d6b7b5c3735626ea1385c3e1eddeb

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/s/shadow/login_4.0.18.1-9ubuntu0.1_sparc.deb
Size/MD5: 322186 69efe5e3508518694e38030c61c603ef
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/passwd_4.0.18.1-9ubuntu0.1_sparc.deb
Size/MD5: 725220 ae0c71e0d45b5bba0d952552a211da11

-- Ubuntu 8.04 LTS --

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/s/shadow/shadow_4.0.18.2-1ubuntu2.1.diff.gz
Size/MD5: 91711 8e4f421c8d27511aba9285744802b504
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/shadow_4.0.18.2-1ubuntu2.1.dsc
Size/MD5: 1160 1524873578db272d836a7d02ec1fa846
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/shadow_4.0.18.2.orig.tar.gz
Size/MD5: 2501791 c3cf8814cc1323ecafd953b00efcba50

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/s/shadow/login_4.0.18.2-1ubuntu2.1_amd64.deb
Size/MD5: 261382 6f6235ea5b9ca5b152563bbf9d4cde4a
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/passwd_4.0.18.2-1ubuntu2.1_amd64.deb
Size/MD5: 645332 186b8730483174ea75dafe425e1260a4

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/s/shadow/login_4.0.18.2-1ubuntu2.1_i386.deb
Size/MD5: 255198 005c58d0964b57dff146c09692c07798
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/passwd_4.0.18.2-1ubuntu2.1_i386.deb
Size/MD5: 566210 e524467fe37f0e791129190a0aca01ab

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/s/shadow/login_4.0.18.2-1ubuntu2.1_lpia.deb
Size/MD5: 253736 5a2f5b96d939d18af22f4bfb1dda8558
http://ports.ubuntu.com/pool/main/s/shadow/passwd_4.0.18.2-1ubuntu2.1_lpia.deb
Size/MD5: 565542 fe962454f56801493ec147c8e8c24f1d

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/s/shadow/login_4.0.18.2-1ubuntu2.1_powerpc.deb
Size/MD5: 262990 646a6389c912eedefad34c2a7f3625c0
http://ports.ubuntu.com/pool/main/s/shadow/passwd_4.0.18.2-1ubuntu2.1_powerpc.deb
Size/MD5: 716822 7fd10e7dd1d948eafca991e083eb19f1

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/s/shadow/login_4.0.18.2-1ubuntu2.1_sparc.deb
Size/MD5: 257688 6f91c97f97703d9cfbe74e2c9d70fde0
http://ports.ubuntu.com/pool/main/s/shadow/passwd_4.0.18.2-1ubuntu2.1_sparc.deb
Size/MD5: 576118 f4ba465d6b49c347a3cfd6583186aa85

-- Ubuntu 8.10 --

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/s/shadow/shadow_4.1.1-1ubuntu1.1.diff.gz
Size/MD5: 77465 cb93d5a7b3e454e9a6e2508ba778a42f
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/shadow_4.1.1-1ubuntu1.1.dsc
Size/MD5: 1664 a898645ed7d684b8793458ba0b6cbbc5
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/shadow_4.1.1.orig.tar.gz
Size/MD5: 2720267 ae893c18fdb0a89bc7991ba1098f1446
http://security.ubuntu.com/ubuntu/pool/universe/v/vm-builder/vm-builder_0.9-0ubuntu3.1.diff.gz
Size/MD5: 21565 04af0e267d97387cb809343e74373ad2
http://security.ubuntu.com/ubuntu/pool/universe/v/vm-builder/vm-builder_0.9-0ubuntu3.1.dsc
Size/MD5: 1206 8d5f90bea4044e7401af35ee7987e026
http://security.ubuntu.com/ubuntu/pool/universe/v/vm-builder/vm-builder_0.9.orig.tar.gz
Size/MD5: 22349 c141e399df7860924c690559cddfc18f

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/universe/v/vm-builder/python-vm-builder-ec2_0.9-0ubuntu3.1_all.deb
Size/MD5: 3992 6fe97a955e0999193d09ac85baaed506
http://security.ubuntu.com/ubuntu/pool/universe/v/vm-builder/python-vm-builder_0.9-0ubuntu3.1_all.deb
Size/MD5: 192600 32fcecc0265e4fe7dafc47a1870d7f60
http://security.ubuntu.com/ubuntu/pool/universe/v/vm-builder/ubuntu-vm-builder_0.9-0ubuntu3.1_all.deb
Size/MD5: 1890 9430d7a9ae9ad3b1e62bf8ed1da75167

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/s/shadow/login_4.1.1-1ubuntu1.1_amd64.deb
Size/MD5: 308110 a80dad8155d7e72e0ea606da4b263208
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/passwd_4.1.1-1ubuntu1.1_amd64.deb
Size/MD5: 884672 f0b852ce5c6a2f78ff42f4f1ac07098e

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/s/shadow/login_4.1.1-1ubuntu1.1_i386.deb
Size/MD5: 299874 84fa6487a6e963332758881ab1feef85
http://security.ubuntu.com/ubuntu/pool/main/s/shadow/passwd_4.1.1-1ubuntu1.1_i386.deb
Size/MD5: 786620 b2c15eeed5df1678804c73db65d94aa0

lpia architecture (Low Power Intel Architecture):

http://ports.ubuntu.com/pool/main/s/shadow/login_4.1.1-1ubuntu1.1_lpia.deb
Size/MD5: 299818 6e3f935ea4b4b367ebf551f726c6e465
http://ports.ubuntu.com/pool/main/s/shadow/passwd_4.1.1-1ubuntu1.1_lpia.deb
Size/MD5: 785976 99a65c60e78cb0c18ff3fa411707941a

powerpc architecture (Apple Macintosh G3/G4/G5):

http://ports.ubuntu.com/pool/main/s/shadow/login_4.1.1-1ubuntu1.1_powerpc.deb
Size/MD5: 305722 37a40976e0a3a5d7c33a41f9856107c4
http://ports.ubuntu.com/pool/main/s/shadow/passwd_4.1.1-1ubuntu1.1_powerpc.deb
Size/MD5: 901254 5e8ae200712c3673049364c193487f44

sparc architecture (Sun SPARC/UltraSPARC):

http://ports.ubuntu.com/pool/main/s/shadow/login_4.1.1-1ubuntu1.1_sparc.deb
Size/MD5: 303554 34d29aa7f443bea63afe57a483a899b2
http://ports.ubuntu.com/pool/main/s/shadow/passwd_4.1.1-1ubuntu1.1_sparc.deb
Size/MD5: 813862 034459da1cf3046b5a6ea6a3323ceea8

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Mathias Gug.

ORIGINAL ADVISORY:
USN-670-1:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-November/000777.html

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------