Ubuntu

USN-3242-1: Samba vulnerability

Ubuntu Security Notice USN-3242-1

23rd March, 2017

samba vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 16.10
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS
  • Ubuntu 12.04 LTS

Summary

Samba could be made to expose sensitive information over the network.

Software description

  • samba
    – SMB/CIFS file, print, and login server for Unix

Details

Jann Horn discovered that Samba incorrectly handled symlinks. An
authenticated remote attacker could use this issue to access files on the
server outside of the exported directories.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 16.10:
samba

2:4.4.5+dfsg-2ubuntu5.4
Ubuntu 16.04 LTS:
samba

2:4.3.11+dfsg-0ubuntu0.16.04.5
Ubuntu 14.04 LTS:
samba

2:4.3.11+dfsg-0ubuntu0.14.04.6
Ubuntu 12.04 LTS:
samba

2:3.6.25-0ubuntu0.12.04.9

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2017-2619

Ubuntu

USN-3243-1: Git vulnerability

Ubuntu Security Notice USN-3243-1

23rd March, 2017

git vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 14.04 LTS

Summary

Git could be made to run programs as your login if it explored a specially
crafted repository.

Software description

  • git
    – fast, scalable, distributed revision control system

Details

It was discovered that Git incorrectly sanitized branch names in the PS1
variable when configured to display the repository status in the shell
prompt. If a user were tricked into exploring a malicious repository, a
remote attacker could use this issue to execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 14.04 LTS:
git

1:1.9.1-1ubuntu0.4

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2014-9938

Ubuntu

USN-3239-3: GNU C Library regression

Ubuntu Security Notice USN-3239-3

24th March, 2017

eglibc regression

A security issue affects these releases of Ubuntu and its
derivatives:

  • Ubuntu 12.04 LTS

Summary

USN-3239-1 introduced a regression in the GNU C Library.

Software description

  • eglibc
    – GNU C Library

Details

USN-3239-1 fixed vulnerabilities in the GNU C Library. Unfortunately,
the fix for CVE-2016-3706 introduced a regression that in some
circumstances prevented IPv6 addresses from resolving. This update
reverts the change in Ubuntu 12.04 LTS. We apologize for the error.

Original advisory details:

It was discovered that the GNU C Library incorrectly handled the
strxfrm() function. An attacker could use this issue to cause a denial
of service or possibly execute arbitrary code. This issue only affected
Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8982)

It was discovered that an integer overflow existed in the
_IO_wstr_overflow() function of the GNU C Library. An attacker could
use this to cause a denial of service or possibly execute arbitrary
code. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04
LTS. (CVE-2015-8983)

It was discovered that the fnmatch() function in the GNU C Library
did not properly handle certain malformed patterns. An attacker could
use this to cause a denial of service. This issue only affected Ubuntu
12.04 LTS and Ubuntu 14.04 LTS. (CVE-2015-8984)

Alexander Cherepanov discovered a stack-based buffer overflow in the
glob implementation of the GNU C Library. An attacker could use this
to specially craft a directory layout and cause a denial of service.
(CVE-2016-1234)

Michael Petlan discovered an unbounded stack allocation in the
getaddrinfo() function of the GNU C Library. An attacker could use
this to cause a denial of service. (CVE-2016-3706)

Aldy Hernandez discovered an unbounded stack allocation in the sunrpc
implementation in the GNU C Library. An attacker could use this to
cause a denial of service. (CVE-2016-4429)

Tim Ruehsen discovered that the getaddrinfo() implementation in the
GNU C Library did not properly track memory allocations. An attacker
could use this to cause a denial of service. This issue only affected
Ubuntu 16.04 LTS. (CVE-2016-5417)

Andreas Schwab discovered that the GNU C Library on ARM 32-bit
platforms did not properly set up execution contexts. An attacker
could use this to cause a denial of service. (CVE-2016-6323)

Update instructions

The problem can be corrected by updating your system to the following
package version:

Ubuntu 12.04 LTS:
libc6

2.15-0ubuntu10.18

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

After a standard system update you need to reboot your computer to make
all the necessary changes.

References

https://bugs.launchpad.net/bugs/1674776

Security

NETGEAR WNR2000v5 (Un)authenticated hidden_lang_avi Stack Overflow

The NETGEAR WNR2000 router has a buffer overflow vulnerability in the hidden_lang_avi parameter. In order to exploit it, it is necessary to guess the value of a certain timestamp which is in the configuration of the router. An authenticated attacker can simply fetch this from a page, but an unauthenticated attacker has to brute force it. Brute-forcing the timestamp token might take a few minutes, a few hours, or days, but it is guaranteed that it can be brute-forced. This Metasploit module implements both modes, and it works very reliably. It has been tested with the WNR2000v5, firmware versions 1.0.0.34 and 1.0.0.18. It should also work with hardware revisions v4 and v3, but this has not been tested – with these routers it might be necessary to adjust the LibcBase variable as well as the gadget addresses.

Software and Security Information