Debian update for kernel-patch-vserver / util-vserver - Secunia Advisories - Vulnerability Intelligence

Home > Vulnerability Intelligence > Secunia Advisories > Debian update for kernel-patch-vserver / util-vserver

Secunia Advisories

Advisories

Advisories by Product

Business Solutions Restricted

Partner Solutions Restricted

About

Debian update for kernel-patch-vserver / util-vserver
Secunia Advisory:	SA19339	Advisory Toolbox: Issue ticket Save in to-do list Mark as handled Exploit information Download as PDF Review actions Add comment
Release Date:	2006-03-22
Popularity:	5,956 views

Critical:	Less critical
Impact:	Security Bypass
Where:	Local system
Solution Status:	Vendor Patch

OS:	Debian GNU/Linux 3.1 Debian GNU/Linux unstable alias sid

Subscribe:	Instant alerts on relevant vulnerabilities

CVE reference:	CVE-2005-4347 CVE-2005-4418

Description: Debian has issued updates for kernel-patch-vserver and util-vserver. This fixes two security issues, which can be exploited by malicious programs to bypass certain security restrictions. 1) The 2.4 kernel patch included in the kernel-patch-vserver package does not properly setup the chroot barrier when used with util-vserver. This may result in unauthorised escapes from a vserver to the host system. 2) The default policy of util-vserver is set to trust all unknown capabilities instead of considering them as insecure. For more information: SA19333 Solution: Apply updated packages. -- Debian GNU/Linux 3.1 alias sarge -- Source archives: http://security.debian.org/pool/updat...rver/kernel-patch-vserver_1.9.5.5.dsc Size/MD5 checksum: 637 415731be72a9cd966e2fdb5d4f408c4a http://security.debian.org/pool/updat...r/kernel-patch-vserver_1.9.5.5.tar.gz Size/MD5 checksum: 950447 fe6b34612095d2fbdbaab5aefbd83264 http://security.debian.org/pool/updat...ver/util-vserver_0.30.204-5sarge3.dsc Size/MD5 checksum: 752 e32069a5ca2ef2bc87794cd6c2160821 http://security.debian.org/pool/updat...util-vserver_0.30.204-5sarge3.diff.gz Size/MD5 checksum: 115947 d0bb2cd998a73905189ee24b5f46dd0d http://security.debian.org/pool/updat...ver/util-vserver_0.30.204.orig.tar.gz Size/MD5 checksum: 677831 b315f375b1cef48da1b644dec18f22bd Architecture independent components: http://security.debian.org/pool/updat.../kernel-patch-vserver_1.9.5.5_all.deb Size/MD5 checksum: 436934 b50048ea819d150d660ed96e3988613b Alpha architecture: http://security.debian.org/pool/updat...il-vserver_0.30.204-5sarge3_alpha.deb Size/MD5 checksum: 600660 e52fe0ff93e4c9ca7d58fe8386ebab5a AMD64 architecture: http://security.debian.org/pool/updat...il-vserver_0.30.204-5sarge3_amd64.deb Size/MD5 checksum: 429530 c4155982844c085b7d9bc59d7eaa02c4 Intel IA-32 architecture: http://security.debian.org/pool/updat...til-vserver_0.30.204-5sarge3_i386.deb Size/MD5 checksum: 398794 56831faa6fa6d76c601fee78251f50eb Intel IA-64 architecture: http://security.debian.org/pool/updat...til-vserver_0.30.204-5sarge3_ia64.deb Size/MD5 checksum: 640332 ab2b2e4283ca5b62c9d9cf5776b6dadb Big endian MIPS architecture: http://security.debian.org/pool/updat...til-vserver_0.30.204-5sarge3_mips.deb Size/MD5 checksum: 612918 e4a60532f25ce776880261de79278e85 Little endian MIPS architecture: http://security.debian.org/pool/updat...l-vserver_0.30.204-5sarge3_mipsel.deb Size/MD5 checksum: 614152 f3aee29aad2682878f8ed22064f3fafa PowerPC architecture: http://security.debian.org/pool/updat...-vserver_0.30.204-5sarge3_powerpc.deb Size/MD5 checksum: 425444 9a7542249c2b70661abab2afd5270462 IBM S/390 architecture: http://security.debian.org/pool/updat...til-vserver_0.30.204-5sarge3_s390.deb Size/MD5 checksum: 440880 376560971a0d2db4bfd51beb67d42bff Sun Sparc architecture: http://security.debian.org/pool/updat...il-vserver_0.30.204-5sarge3_sparc.deb Size/MD5 checksum: 395640 51e24ac4754b1aa41277378ee9271a1f -- Debian GNU/Linux unstable alias sid -- Fixed in version 2.3 of kernel-patch-vserver and in version 0.30.208-1 of util-vserver. Provided and/or discovered by: The vendor credits Bjørn Steinbrink. Original Advisory: http://www.debian.org/security/2006/dsa-1011 Other References: SA19333: http://secunia.com/advisories/19333/

Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released. Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

Latest Advisories

Today

New advisories:	24
New vulnerabilities:	99
Updated advisories:	26

Moderately // 142 views

Drupal Project Module File Upload and Cross-Site Scripting

Less // 184 views

SmbFTPD Long Command Processing Vulnerability

Less // 231 views

Drupal Project Issue Tracking Module Multiple Vulnerabilities

Less // 219 views

PHP-Fusion Members CV Module "sortby" SQL Injection Vulnerability

Moderately // 242 views

Lasso OpenSSL "DSA_verify()" Spoofing Vulnerability

Moderately // 208 views

Xdg-utils mailcap Command Execution Security Issue

Less // 235 views

FreeBSD update for lukemftpd

Less // 213 views

tnftpd Long Command Processing Vulnerability

Moderately // 303 views

Cisco Global Site Selector DNS Request Denial of Service

Less // 262 views

NTP OpenSSL "EVP_VerifyFinal()" Spoofing Vulnerability

Solutions | More...

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.