Debian update for kernel-patch-vserver / util-vserver - Advisories

Software Inspectors

	Scan Online

	Personal (PSI)

	Network (NSI 2.0)

Solutions For

	Security Professionals

	Security Vendors

Free Solutions For

	Open Communities

	Journalists & Media

Secunia Advisories

	Search

	Historic Advisories

	Listed By Product

	Listed By Vendor

	Statistics / Graphs

	Secunia Research

	Report Vulnerability

	About Advisories

Virus Information

	Chronological List

	Last 10 Virus Alerts

	About Virus Information

Secunia Customers

	Customer Area

Debian update for kernel-patch-vserver / util-vserver

Secunia Advisory:	SA19339
Release Date:	2006-03-22

Critical:	Less critical
Impact:	Security Bypass
Where:	Local system
Solution Status:	Vendor Patch

OS:	Debian GNU/Linux 3.1 Debian GNU/Linux unstable alias sid


CVE reference:	CVE-2005-4347 (Secunia mirror) CVE-2005-4418 (Secunia mirror)

	Want to know the next time vulnerabilities are fixed in this product? - Companies can be alerted via email and SMS!

Description: Debian has issued updates for kernel-patch-vserver and util-vserver. This fixes two security issues, which can be exploited by malicious programs to bypass certain security restrictions. 1) The 2.4 kernel patch included in the kernel-patch-vserver package does not properly setup the chroot barrier when used with util-vserver. This may result in unauthorised escapes from a vserver to the host system. 2) The default policy of util-vserver is set to trust all unknown capabilities instead of considering them as insecure. For more information: SA19333 Solution: Apply updated packages. -- Debian GNU/Linux 3.1 alias sarge -- Source archives: http://security.debian.org/pool/updat...rver/kernel-patch-vserver_1.9.5.5.dsc Size/MD5 checksum: 637 415731be72a9cd966e2fdb5d4f408c4a http://security.debian.org/pool/updat...r/kernel-patch-vserver_1.9.5.5.tar.gz Size/MD5 checksum: 950447 fe6b34612095d2fbdbaab5aefbd83264 http://security.debian.org/pool/updat...ver/util-vserver_0.30.204-5sarge3.dsc Size/MD5 checksum: 752 e32069a5ca2ef2bc87794cd6c2160821 http://security.debian.org/pool/updat...util-vserver_0.30.204-5sarge3.diff.gz Size/MD5 checksum: 115947 d0bb2cd998a73905189ee24b5f46dd0d http://security.debian.org/pool/updat...ver/util-vserver_0.30.204.orig.tar.gz Size/MD5 checksum: 677831 b315f375b1cef48da1b644dec18f22bd Architecture independent components: http://security.debian.org/pool/updat.../kernel-patch-vserver_1.9.5.5_all.deb Size/MD5 checksum: 436934 b50048ea819d150d660ed96e3988613b Alpha architecture: http://security.debian.org/pool/updat...il-vserver_0.30.204-5sarge3_alpha.deb Size/MD5 checksum: 600660 e52fe0ff93e4c9ca7d58fe8386ebab5a AMD64 architecture: http://security.debian.org/pool/updat...il-vserver_0.30.204-5sarge3_amd64.deb Size/MD5 checksum: 429530 c4155982844c085b7d9bc59d7eaa02c4 Intel IA-32 architecture: http://security.debian.org/pool/updat...til-vserver_0.30.204-5sarge3_i386.deb Size/MD5 checksum: 398794 56831faa6fa6d76c601fee78251f50eb Intel IA-64 architecture: http://security.debian.org/pool/updat...til-vserver_0.30.204-5sarge3_ia64.deb Size/MD5 checksum: 640332 ab2b2e4283ca5b62c9d9cf5776b6dadb Big endian MIPS architecture: http://security.debian.org/pool/updat...til-vserver_0.30.204-5sarge3_mips.deb Size/MD5 checksum: 612918 e4a60532f25ce776880261de79278e85 Little endian MIPS architecture: http://security.debian.org/pool/updat...l-vserver_0.30.204-5sarge3_mipsel.deb Size/MD5 checksum: 614152 f3aee29aad2682878f8ed22064f3fafa PowerPC architecture: http://security.debian.org/pool/updat...-vserver_0.30.204-5sarge3_powerpc.deb Size/MD5 checksum: 425444 9a7542249c2b70661abab2afd5270462 IBM S/390 architecture: http://security.debian.org/pool/updat...til-vserver_0.30.204-5sarge3_s390.deb Size/MD5 checksum: 440880 376560971a0d2db4bfd51beb67d42bff Sun Sparc architecture: http://security.debian.org/pool/updat...il-vserver_0.30.204-5sarge3_sparc.deb Size/MD5 checksum: 395640 51e24ac4754b1aa41277378ee9271a1f -- Debian GNU/Linux unstable alias sid -- Fixed in version 2.3 of kernel-patch-vserver and in version 0.30.208-1 of util-vserver. Provided and/or discovered by: The vendor credits Bjørn Steinbrink. Original Advisory: http://www.debian.org/security/2006/dsa-1011 Other References: SA19333: http://secunia.com/advisories/19333/



Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

1212 Related Secunia Security Advisories, displaying 10

1. Debian update for postfix

2. Debian update for pdns

3. Debian update for httracker

4. Debian update for opensc

5. Debian update for cupsys

6. Debian update for libxslt

7. Debian update for newsx

8. Debian update for ruby1.9

9. Debian update for python2.5

10. Debian update for icedove

Show all related advisories

Send Feedback to Secunia

If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	Opera Multiple Vulnerabilities

2.	Microsoft Outlook Express MHTML URL Processing Vulnerability

3.	Folder Lock Weak Password Encryption Security Issue

4.	neon "parse_domain() " Denial of Service Vulnerability

5.	vBulletin Private Message Subject Script Insertion

6.	SunShop Shopping Cart class.ajax.php SQL Injection Vulnerabilities

7.	Short Url & Url Tracker Script "id" SQL Injection Vulnerability

8.	Anzio Web Print Object (WePO) ActiveX Component "mainurl" Buffer Overflow

9.	PluggedOut Blog "index.php" SQL Injection Vulnerabilities

10.	Vanilla Multiple Vulnerabilities