Planet


USN-1108-2: DHCP vulnerability

2011/4/20 3:03:21 | Ubuntu security notices

Ubuntu Security Notice USN-1108-2
19th April, 2011

dhcp3 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 10.10
  • Ubuntu 10.04 LTS
  • Ubuntu 9.10

Summary

An attacker's DHCP server could send crafted responses to your computer and
cause it to run programs as root.

Software description

  • dhcp3
    - DHCP Client

Details

USN-1108-1 fixed vulnerabilities in DHCP. Due to an error, the patch to fix
the vulnerability was not properly applied on Ubuntu 9.10 and higher. This
update fixes the problem.

Original advisory details:

Sebastian Krahmer discovered that the dhclient utility incorrectly filtered
crafted responses. An attacker could use this flaw with a malicious DHCP
server to execute arbitrary code, resulting in root privilege escalation.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 10.10:
  dhcp3-client 3.1.3-2ubuntu6.2

Ubuntu 10.04 LTS:
  dhcp3-client 3.1.3-2ubuntu3.2

Ubuntu 9.10:
  dhcp3-client 3.1.2-1ubuntu7.3

In general, a standard system update will make all the necessary changes.

References

CVE-2011-0997


USN-1114-1: KDENetwork vulnerability

2011/4/19 9:12:52 | Ubuntu security notices

Ubuntu Security Notice USN-1114-1
18th April, 2011

kdenetwork vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 10.10
  • Ubuntu 10.04 LTS
  • Ubuntu 9.10

Summary

An attacker could overwrite files owned by the user if KGet opened a
crafted metalink file.

Software description

  • kdenetwork
    - networking applications for KDE 4

Details

It was discovered that KGet did not properly perform input validation when
processing metalink files. If a user were tricked into opening a crafted
metalink file, a remote attacker could overwrite files via directory
traversal, which could eventually lead to arbitrary code execution.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 10.10:
  kget 4:4.5.1-0ubuntu2.2

Ubuntu 10.04 LTS:
  kget 4:4.4.5-0ubuntu1.1

Ubuntu 9.10:
  kget 4:4.3.2-0ubuntu4.5

After a standard system update you need to restart KGet to make all the
necessary changes.

References

CVE-2011-1586


USN-1113-1: Postfix vulnerabilities

2011/4/19 3:14:18 | Ubuntu security notices

Ubuntu Security Notice USN-1113-1
18th April, 2011

postfix vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 10.10
  • Ubuntu 10.04 LTS
  • Ubuntu 9.10
  • Ubuntu 8.04 LTS
  • Ubuntu 6.06 LTS

Summary

An attacker could send crafted input to Postfix and cause it to reveal
confidential information.

Software description

  • postfix
    - High-performance mail transport agent

Details

It was discovered that the Postfix package incorrectly granted write access
on the PID directory to the postfix user. A local attacker could use this
flaw to possibly conduct a symlink attack and overwrite arbitrary files.
This issue only affected Ubuntu 6.06 LTS and 8.04 LTS. (CVE-2009-2939)

Wietse Venema discovered that Postfix incorrectly handled cleartext
commands after TLS is in place. A remote attacker could exploit this to
inject cleartext commands into TLS sessions, and possibly obtain
confidential information such as passwords. (CVE-2011-0411)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 10.10:
  postfix 2.7.1-1ubuntu0.1

Ubuntu 10.04 LTS:
  postfix 2.7.0-1ubuntu0.1

Ubuntu 9.10:
  postfix 2.6.5-3ubuntu0.1

Ubuntu 8.04 LTS:
  postfix 2.5.1-2ubuntu1.3

Ubuntu 6.06 LTS:
  postfix 2.2.10-1ubuntu0.3

In general, a standard system update will make all the necessary changes.

References

CVE-2009-2939, CVE-2011-0411


USN-1108-1: DHCP vulnerability

2011/4/15 4:12:51 | Ubuntu security notices

Ubuntu Security Notice USN-1108-1
11th April, 2011

dhcp3 vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 10.10
  • Ubuntu 10.04 LTS
  • Ubuntu 9.10
  • Ubuntu 8.04 LTS
  • Ubuntu 6.06 LTS

Summary

An attacker's DHCP server could send crafted responses to your computer
and cause it to run programs as root.

Software description

  • dhcp3
    - DHCP Client

Details

Sebastian Krahmer discovered that the dhclient utility incorrectly filtered
crafted responses. An attacker could use this flaw with a malicious DHCP
server to execute arbitrary code, resulting in root privilege escalation.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 10.10:
  dhcp3-client 3.1.3-2ubuntu6.1

Ubuntu 10.04 LTS:
  dhcp3-client 3.1.3-2ubuntu3.1

Ubuntu 9.10:
  dhcp3-client 3.1.2-1ubuntu7.2

Ubuntu 8.04 LTS:
  dhcp3-client 3.0.6.dfsg-1ubuntu9.2

Ubuntu 6.06 LTS:
  dhcp3-client 3.0.3-6ubuntu7.2

In general, a standard system update will make all the necessary changes.

References

CVE-2011-0997


USN-1109-1: GIMP vulnerabilities

2011/4/15 4:12:51 | Ubuntu security notices

Ubuntu Security Notice USN-1109-1
13th April, 2011

gimp vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 10.10
  • Ubuntu 10.04 LTS
  • Ubuntu 9.10
  • Ubuntu 8.04 LTS

Summary

GIMP could be made to run programs as your login if it opened a
specially crafted file.

Software description

  • gimp
    - The GNU Image Manipulation Program

Details

It was discovered that GIMP incorrectly handled malformed data in certain
plugin configuration files. If a user were tricked into opening a specially
crafted plugin configuration file, an attacker could cause GIMP to crash,
or possibly execute arbitrary code with the user's privileges. The default
compiler options for affected releases should reduce the vulnerability to a
denial of service. (CVE-2010-4540, CVE-2010-4541, CVE-2010-4542)

It was discovered that GIMP incorrectly handled malformed PSP image files.
If a user were tricked into opening a specially crafted PSP image file, an
attacker could cause GIMP to crash, or possibly execute arbitrary code with
the user's privileges. (CVE-2010-4543)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 10.10:
  gimp 2.6.10-1ubuntu3.2

Ubuntu 10.04 LTS:
  gimp 2.6.8-2ubuntu1.2

Ubuntu 9.10:
  gimp 2.6.7-1ubuntu1.2

Ubuntu 8.04 LTS:
  gimp 2.4.5-1ubuntu2.3

After a standard system update you need to restart GIMP to make all the
necessary changes.

References

CVE-2010-4540, CVE-2010-4541, CVE-2010-4542, CVE-2010-4543


USN-1110-1: KDE-Libs vulnerabilities

2011/4/15 4:12:51 | Ubuntu security notices

Ubuntu Security Notice USN-1110-1
14th April, 2011

kde4libs vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 10.10
  • Ubuntu 10.04 LTS
  • Ubuntu 9.10

Summary

An attacker could send crafted input to Konqueror to view sensitive
information.

Software description

  • kde4libs
    - KDE 4 core applications

Details

It was discovered that KDE KSSL did not properly verify X.509 certificates
when the certificate was issued for an IP address. An attacker could
exploit this to perform a man in the middle attack to view sensitive
information or alter encrypted communications. (CVE-2011-1094)

Tim Brown discovered that KDE KHTML did not properly escape URLs from
externally generated error pages. An attacker could exploit this to conduct
cross-site scripting attacks. With cross-site scripting vulnerabilities, if
a user were tricked into viewing server output during a crafted server
request, a remote attacker could exploit this to modify the contents, or
steal confidential data (such as passwords), within the same domain.
(CVE-2011-1168)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 10.10:
  libkio5 4:4.5.1-0ubuntu8.1
  libkhtml5 4:4.5.1-0ubuntu8.1

Ubuntu 10.04 LTS:
  kdelibs5 4:4.4.5-0ubuntu1.1

Ubuntu 9.10:
  kdelibs5 4:4.3.2-0ubuntu7.3

After a standard system update you need to restart any applications that
use KSSL or KHTML, such as Konqueror, to make all the necessary changes.

References

CVE-2011-1094, CVE-2011-1168


How to generate an SSH public/private key pair

2011/4/16 22:33:00 | hoamon's sandbox
Linux/Mac:

Type the following command at the command line:

$ ssh-keygen -t rsa -b 4096

Generating public/private rsa key pair.
Enter file in which to save the key (/home/tmp/.ssh/id_rsa): <<press Enter to accept the default>>
Enter passphrase (empty for no passphrase): <<set a passphrase for the private key, longer than 5 characters>>
Enter same passphrase again: <<confirm the passphrase you just entered>>

Your identification has been saved in /home/tmp/.ssh/id_rsa.
Your public key has been saved in /home/tmp/.ssh/id_rsa.pub.
The key fingerprint is:
72:fb:40:ba:8a:40:be:48:03:bd:20:13:6d:83:cb:d0 tmp@core2duo
The key's randomart image is:
+--[ RSA 4096]----+
| |
| + |
|+ A |
|o= . |
|*o. T . S |
|=o . = . |
|.-. . o |
|o.o. . o |
|... ... . |
+-----------------+


That's it: your public key is ~/.ssh/id_rsa.pub and your private key is ~/.ssh/id_rsa.

$ cat ~/.ssh/id_rsa.pub
ssh-rsa <public key material omitted> tmp@core2duo

Put the public key contents above into ~/.ssh/authorized_keys2 on the Linux/Mac machine you want to log in to (the exact file depends on how the system administrator configured things, but it is the default in most Linux distributions). You can then log in to the remote machine with this key pair.

Windows:

This is more involved. Download the puttygen.exe program and run it; you will see the window shown below:



Select SSH-2 RSA, enter 4096 as the "Number of bits in a generated key", then press the Generate button. Keep the mouse pointer in the blank area below the green progress bar and move it around randomly so that puttygen.exe can collect random seed material; once progress reaches 100% you will see the window below:



The highlighted blue text is the public key; paste it into ~/.ssh/authorized_keys2 on the Linux/Mac machine you want to log in to. For the private key, fill in "Key passphrase" and "Confirm passphrase", then press the "Save private key" button to save it to the system's disk.

Finally, protect your private key file well (ideally it should never leave the disk of the machine that generated it); the cost of losing it or having it stolen is considerable. Good Luck!
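As an added illustration that is not part of the original post, the following Python script audits an authorized_keys file of the kind described above from the server side: it decodes each ssh-rsa entry's wire format to recover the modulus size and reports RSA keys shorter than 2048 bits, so a 4096-bit key like the one generated here passes while legacy entries are flagged. The sample file, its "from=" option and the placeholder moduli are constructed for the example.

```python
import base64
import struct

def _field(blob, off):
    """Read one length-prefixed field of the SSH wire format (RFC 4251 'string')."""
    (n,) = struct.unpack(">I", blob[off:off + 4])
    return blob[off + 4:off + 4 + n], off + 4 + n

def rsa_modulus_bits(b64_key):
    """Bit length of the modulus inside a base64 'ssh-rsa' public key blob."""
    blob = base64.b64decode(b64_key)
    key_type, off = _field(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("not an ssh-rsa key: %r" % key_type)
    _e, off = _field(blob, off)  # mpint e (public exponent), not needed for the size check
    n, _ = _field(blob, off)     # mpint n (modulus); its leading 0x00 byte does not change bit_length
    return int.from_bytes(n, "big").bit_length()

def audit_authorized_keys(text, min_rsa_bits=2048):
    """Return (comment, verdict) per entry; RSA keys shorter than min_rsa_bits are reported weak."""
    results = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank or comment line
        # An entry may start with options such as from="..."; locate the key-type token.
        idx = next((i for i, f in enumerate(fields) if f.startswith(("ssh-", "ecdsa-"))), None)
        if idx is None or idx + 1 >= len(fields):
            results.append((line[:30], "unparseable entry"))
            continue
        comment = " ".join(fields[idx + 2:]) or "(no comment)"
        if fields[idx] == "ssh-rsa":
            bits = rsa_modulus_bits(fields[idx + 1])
            verdict = "ok" if bits >= min_rsa_bits else "weak: %d-bit RSA" % bits
        else:
            verdict = "ok (%s)" % fields[idx]
        results.append((comment, verdict))
    return results

def make_test_rsa_key(bits):
    """Constructed ssh-rsa blob with a placeholder modulus of exactly `bits` bits (not a real key)."""
    sshstr = lambda b: struct.pack(">I", len(b)) + b
    mpint = lambda x: sshstr(x.to_bytes((x.bit_length() + 8) // 8, "big"))  # leading 0x00 keeps it positive
    return base64.b64encode(sshstr(b"ssh-rsa") + mpint(65537) + mpint((1 << (bits - 1)) | 1)).decode()

# Constructed sample file: the 4096-bit key from the post plus a legacy 1024-bit entry with options.
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "ssh-rsa %s tmp@core2duo" % make_test_rsa_key(4096),
    'from="10.0.0.0/8",no-pty ssh-rsa %s legacy@old-box' % make_test_rsa_key(1024),
])
```

Run it against a real ~/.ssh/authorized_keys2 by passing the file's text to audit_authorized_keys; option values that contain spaces inside quotes are not handled by the simple split.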

Why won't my Ardour2 let me move the playhead or rewind freely?

2011/4/17 0:47:00 | 魔法設計的藝術
After fiddling with it for ages, I read the fourth reply in this post and finally understood: Ardour2 2.8.11 rev.7387, as installed, enables Time master by default.... and then Ardour2 locks up and won't let you move the playhead. Good thing I found the answer.... otherwise transferring tapes would have driven me mad..... restarting Ardour2 after every single track transferred, orz

How to get a free HTTPS web certification authority by StartSSL.com

2011/4/17 20:53:00 | hoamon's sandbox
Ordinarily, the HTTP protocol used when browsing is plaintext: any network node (gateway) between the user and the web server has a way to read the messages the connection carries. So whenever a site provides a service that involves confidential (private) data, I have the site serve it over the encrypted HTTPS protocol.

When using HTTPS there is one important concept: how to defeat the "man-in-the-middle attack".

Imagine a site A served over HTTPS. When it sends its public key (certificate) to the user, a man in the middle intercepts it and passes his own public key to the user instead. The user naively encrypts with the man-in-the-middle's public key and sends the ciphertext to him; he decrypts it with his own private key, re-encrypts it with site A's public key and forwards it to site A. In this scenario HTTPS is in use, yet the man in the middle has seen all of the data.

To prevent this kind of attack, the user must be able to "confirm" that the public key really belongs to site A. The method: the user already holds public key certificates issued by recognised authorities (every common browser ships with them), and on receiving site A's certificate the user checks, with those authority certificates, whether A's certificate was signed by one of the recognised authorities. If it was, the public key really is site A's, and whatever the user encrypts with it can only be decrypted by site A.

This article takes site A's point of view: how to get site A's public key signed by a recognised authority, so that users browsing site A are not greeted by a warning dialog saying "site A has a security problem".

Getting a public key signed by a recognised authority normally costs money; for example the cheapest annual signing fee at 網際威信 (HiTRUST), the largest domestic certificate company (I guess), is NT$18,000. Not everyone is willing to bear that cost. My HTTPS site mainly serves our team's project management, fewer than 10 users, and spending 18,000 to buy "users will not see a security warning about this site for one year" is something I cannot bring myself to do.

Fortunately, one recognised authority understands this need and advertises "free for one year", charging extra only for higher-grade signing. For what I described above, the "free for one year" offer is all I need.

First, use Firefox (they do not support Chrome at present) to visit http://www.startssl.com/ and click the key icon in the top right corner, as shown below:


You will then see the Sign-up button, as shown below:

Pressing the Sign-up button starts the account registration flow. The whole signing procedure is divided into three stages:
  1. Register an account
  2. Validate the domain
  3. Sign the public key
1. When you register an account, startssl gives your browser a brand-new key pair dedicated to this account. Keep it safe: if you lose it you can no longer use this account to request signing, because login is by key pair rather than by username and password.

2. Domain validation: you must prove that the domain to be signed is managed by you. Once validation is complete you have only 30 days to get its public key signed; after that you must validate the domain again.

3. For a validated domain you can request public key signing. There are two main ways: either startssl generates a brand-new key pair and certificate for you, or you generate the private key and the certificate request file yourself and hand the request file to startssl, which produces the signed certificate. This article describes the second method, because the private key is better handled by yourself; don't be so lazy that you outsource even the creation of your decryption key. Personally I consider such people not only lazy but irresponsible.

In principle a public key is just a text file, so it can be handled under Linux, Window$ or Mac, but I still prefer to do this on Linux.

1. Register an account:

Fill in your details. They only review applications over the web, so as long as your data is not "too fake" they will approve it.

Go to the registration mailbox and receive the mail containing the verification code. Note that "the current window" must not be closed: if you close this page and come back through the same link, your application will not be approved even if the verification code you enter is correct.

Generate the key pair dedicated to the "account"; you can choose High Grade.

Install the key pair into the browser. This key pair is the one your account uses to communicate with the startssl site, not the public key your website will use.

I recommend backing up this key pair.

Once that is done you can see the account page.

2. Validate the domain:

I chose the Domain Name Validation method.

Enter the domain.

startssl takes the administrator mailbox from the whois record, so you must make sure the domain's whois data is correct.

Fetch the verification code from that mailbox and enter it in the Verification Code field above.

After success you have only 30 days to get the site's public key signed.

3. Sign the public key:

A public key can serve many purposes (Email/XMPP/Object Code), but for now I only need Web, so choose Web Server SSL/TLS certificate.

To use a private key you generated yourself for the signed certificate, choose Skip.

To generate a 4096-bit private key and encrypt it in des3 format (the passphrase must be longer than 4 characters), use the following command:

# openssl genrsa -des3 -out exmple.com.key 4096
Generating RSA private key, 4096 bit long modulus
................................................................................................................................................................++
...............................................++
e is 65537 (0x10001)
Enter pass phrase for exmple.com.key:
Verifying - Enter pass phrase for exmple.com.key:

From the newly created private key, produce a certificate request file and write into it the details of the "target domain" (the one you just validated), such as location, organisation name and the contact email:

# openssl req -new -key exmple.com.key -out exmple.com.csr
Enter pass phrase for exmple.com.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:{{TW}}
State or Province Name (full name) [Some-State]:{{Taichung}}
Locality Name (eg, city) []:{{Taichung}}
Organization Name (eg, company) [Internet Widgits Pty Ltd]:{{EXAMPLE-Company}}
Organizational Unit Name (eg, section) []:{{EXAMPLE-Company}}
Common Name (eg, YOUR name) []:{{EXAMPLE Company}}
Email Address []:{{master@exmple.com}}

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Replace the parts wrapped in {{ }} with your real data.

After producing the CSR on Linux you will have the file example.com.csr; paste its contents into the text box in the figure above.

If the CSR is valid, the message shown above appears.

It asks you to choose the top-level domain for which the signed certificate will be generated.

Enter the hostname that provides your https service.

Confirm the domain to be signed. By default the certificate startssl signs covers both your target domain and its top-level domain. If you want the certificate for *.example.com, that is, everything below the top-level domain in one go, that is possible too for USD 49.9 per two years, roughly NT$1,500, and that is a wildcard certificate; 網際威信 offers nothing so generous: one certificate is 18,000, two are 36,000. At moments like this I feel the joy of "globalisation".

Next, paste the text from the text box into example.com.crt; this content is the signed certificate. Also download the intermediate and root CA files shown in the figure above.

The whole job is done.

Then configure Apache as follows:
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
SSLCertificateFile /etc/apache2/example.com.crt
SSLCertificateKeyFile /etc/apache2/example.com.key
SSLCertificateChainFile /etc/apache2/sub.class1.server.ca.pem
SSLCACertificateFile /etc/apache2/ca.pem
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
When Apache is restarted it asks for the private key passphrase. That is no problem when an administrator is present, but it is a nuisance when the system reboots automatically, so we can strip the encryption from the private key with the following command:

# openssl rsa -in exmple.com.key -out exmple.com.key.no_password

The private key file exmple.com.key.no_password is the unencrypted one; point the apache config at it.
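The last step leaves an unencrypted private key on disk, the usual trade-off for unattended restarts. As an added example that is not from the original post, this Python snippet reads the key file an Apache fragment points at and reports whether it is still passphrase-protected, and also flags two settings in the fragment above that are weak by today's standards (SSLv3 still permitted, RC4 in the cipher list). The config text is the post's own; the key files, their placeholder bodies and the read_file callback are constructed for the example.

```python
import re
import shlex

# `openssl genrsa -des3` writes these traditional PEM headers; `openssl rsa -in k -out k.no_password` strips them.
_TRADITIONAL_ENCRYPTED = re.compile(r"^Proc-Type:\s*4,ENCRYPTED\s*$", re.M)
_PKCS8_ENCRYPTED = "-----BEGIN ENCRYPTED PRIVATE KEY-----"

def pem_key_is_encrypted(pem_text):
    """True if the PEM private key is passphrase-protected (traditional or PKCS#8 format)."""
    return _PKCS8_ENCRYPTED in pem_text or bool(_TRADITIONAL_ENCRYPTED.search(pem_text))

def parse_ssl_directives(config_text):
    """Collect SSL* directives from an Apache config fragment as {name: [args, ...]}."""
    directives = {}
    for line in config_text.splitlines():
        parts = shlex.split(line, comments=True)
        if parts and parts[0].startswith("SSL"):
            directives[parts[0]] = parts[1:]
    return directives

def audit_apache_ssl(config_text, read_file):
    """Findings for an Apache SSL fragment; read_file(path) returns the key file's contents."""
    d = parse_ssl_directives(config_text)
    findings = []
    key_path = (d.get("SSLCertificateKeyFile") or [None])[0]
    if key_path is None:
        findings.append("no SSLCertificateKeyFile directive")
    elif pem_key_is_encrypted(read_file(key_path)):
        findings.append("key %s is passphrase-protected: unattended restarts will block" % key_path)
    else:
        findings.append("key %s is unencrypted: keep it root-only (mode 0600)" % key_path)
    protocols = d.get("SSLProtocol", [])
    if "all" in protocols and "-SSLv3" not in protocols:
        findings.append("SSLProtocol still permits SSLv3")
    if any("RC4" in c for c in d.get("SSLCipherSuite", [])):
        findings.append("SSLCipherSuite includes RC4")
    return findings

# The fragment from the post, and two constructed key files whose bodies are placeholders.
APACHE_SNIPPET = """
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM
SSLCertificateFile /etc/apache2/example.com.crt
SSLCertificateKeyFile /etc/apache2/example.com.key
"""
ENCRYPTED_KEY = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                 "DEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\n<ciphertext placeholder>\n"
                 "-----END RSA PRIVATE KEY-----\n")
PLAIN_KEY = "-----BEGIN RSA PRIVATE KEY-----\n<plaintext placeholder>\n-----END RSA PRIVATE KEY-----\n"
```

On a real host, pass a callback such as `lambda p: open(p).read()` as read_file so the check runs against the key Apache actually loads.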

USN-1107-1: x11-xserver-utils vulnerability

2011/4/14 22:21:26 | Ubuntu security notices

Ubuntu Security Notice USN-1107-1
6th April, 2011

x11-xserver-utils vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 10.10
  • Ubuntu 10.04 LTS
  • Ubuntu 9.10
  • Ubuntu 8.04 LTS

Summary

An attacker could send crafted input to xrdb and cause it to run programs
as root.

Software description

  • x11-xserver-utils
    - X server utilities

Details

Sebastian Krahmer discovered that the xrdb utility incorrectly filtered
crafted hostnames. An attacker could use this flaw with a malicious
DHCP server or with a remote xdmcp login and execute arbitrary code,
resulting in root privilege escalation.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 10.10:
  x11-xserver-utils 7.5+2ubuntu1.1

Ubuntu 10.04 LTS:
  x11-xserver-utils 7.5+1ubuntu2.1

Ubuntu 9.10:
  x11-xserver-utils 7.4+2ubuntu3.1

Ubuntu 8.04 LTS:
  x11-xserver-utils 7.3+2ubuntu0.1

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

CVE-2011-0465