漏洞起因
设计错误
危险等级
低
影响系统
Ubuntu Ubuntu Linux 9.10 sparc
Ubuntu Ubuntu Linux 9.10 powerpc
Ubuntu Ubuntu Linux 9.10 lpia
Ubuntu Ubuntu Linux 9.10 i386
Ubuntu Ubuntu Linux 9.10 amd64
Ubuntu Ubuntu Linux 9.10
Ubuntu Ubuntu Linux 10.04 sparc
Ubuntu Ubuntu Linux 10.04 powerpc
Ubuntu Ubuntu Linux 10.04 LTS
Ubuntu Ubuntu Linux 10.04 i386
Ubuntu Ubuntu Linux 10.04 amd64
不受影响系统
危害
远程攻击者可以利用漏洞安装任意包到目标系统中。
攻击所需条件
攻击者必须访问Ubuntu。
漏洞信息
Ubuntu是一款基于linux内核流行的操作系统。
Dell Latitude 2110系统附带的Ubuntu映像默认配置存在问题,没有正确验证包即可安装。攻击者可以通过控制Ubuntu档镜像服务器,并通过中间人攻击修改包,并以ROOT权限安装后执行任意代码。
测试方法
厂商解决方案
用户可参考如下供应商提供的安全补丁:
Ubuntu Ubuntu Linux 9.10 sparc
Ubuntu base-files_5.0.0ubuntu7.1_sparc.deb
http://ports.ubuntu.com/pool/main/b/base-files/base-files_5.0.0ubuntu7 .1_sparc.deb
Ubuntu lsb-release-udeb_5.0.0ubuntu7.1_all.udeb
http://security.ubuntu.com/ubuntu/pool/main/b/base-files/lsb-release-u deb_5.0.0ubuntu7.1_all.udeb
Ubuntu Ubuntu Linux 10.04 powerpc
Ubuntu base-files_5.0.0ubuntu20.10.04.2_powerpc.deb
http://ports.ubuntu.com/pool/main/b/base-files/base-files_5.0.0ubuntu2 0.10.04.2_powerpc.deb
Ubuntu lsb-release-udeb_5.0.0ubuntu20.10.04.2_all.udeb
http://security.ubuntu.com/ubuntu/pool/main/b/base-files/lsb-release-u deb_5.0.0ubuntu20.10.04.2_all.udeb
Ubuntu Ubuntu Linux 9.10 lpia
Ubuntu base-files_5.0.0ubuntu7.1_lpia.deb
http://ports.ubuntu.com/pool/main/b/base-files/base-files_5.0.0ubuntu7 .1_lpia.deb
Ubuntu lsb-release-udeb_5.0.0ubuntu7.1_all.udeb
http://security.ubuntu.com/ubuntu/pool/main/b/base-files/lsb-release-u deb_5.0.0ubuntu7.1_all.udeb
Ubuntu Ubuntu Linux 9.10 i386
Ubuntu base-files_5.0.0ubuntu7.1_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/b/base-files/base-files_5. 0.0ubuntu7.1_i386.deb
Ubuntu lsb-release-udeb_5.0.0ubuntu7.1_all.udeb
http://security.ubuntu.com/ubuntu/pool/main/b/base-files/lsb-release-u deb_5.0.0ubuntu7.1_all.udeb
Ubuntu Ubuntu Linux 10.04 amd64
Ubuntu base-files_5.0.0ubuntu20.10.04.2_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/b/base-files/base-files_5. 0.0ubuntu20.10.04.2_amd64.deb
Ubuntu lsb-release-udeb_5.0.0ubuntu20.10.04.2_all.udeb
http://security.ubuntu.com/ubuntu/pool/main/b/base-files/lsb-release-u deb_5.0.0ubuntu20.10.04.2_all.udeb
Ubuntu Ubuntu Linux 10.04 sparc
Ubuntu lsb-release-udeb_5.0.0ubuntu20.10.04.2_all.udeb
http://security.ubuntu.com/ubuntu/pool/main/b/base-files/lsb-release-u deb_5.0.0ubuntu20.10.04.2_all.udeb
Ubuntu base-files_5.0.0ubuntu20.10.04.2_sparc.deb
http://ports.ubuntu.com/pool/main/b/base-files/base-files_5.0.0ubuntu2 0.10.04.2_sparc.deb
Ubuntu Ubuntu Linux 10.04 i386
Ubuntu base-files_5.0.0ubuntu20.10.04.2_i386.deb
http://security.ubuntu.com/ubuntu/pool/main/b/base-files/base-files_5. 0.0ubuntu20.10.04.2_i386.deb
Ubuntu lsb-release-udeb_5.0.0ubuntu20.10.04.2_all.udeb
http://security.ubuntu.com/ubuntu/pool/main/b/base-files/lsb-release-u deb_5.0.0ubuntu20.10.04.2_all.udeb
Ubuntu Ubuntu Linux 9.10 powerpc
Ubuntu base-files_5.0.0ubuntu7.1_powerpc.deb
http://ports.ubuntu.com/pool/main/b/base-files/base-files_5.0.0ubuntu7 .1_powerpc.deb
Ubuntu lsb-release-udeb_5.0.0ubuntu7.1_all.udeb
http://security.ubuntu.com/ubuntu/pool/main/b/base-files/lsb-release-u deb_5.0.0ubuntu7.1_all.udeb
Ubuntu Ubuntu Linux 9.10 amd64
Ubuntu lsb-release-udeb_5.0.0ubuntu7.1_all.udeb
http://security.ubuntu.com/ubuntu/pool/main/b/base-files/lsb-release-u deb_5.0.0ubuntu7.1_all.udeb
Ubuntu base-files_5.0.0ubuntu7.1_amd64.deb
http://security.ubuntu.com/ubuntu/pool/main/b/base-files/base-files_5. 0.0ubuntu7.1_amd64.deb
漏洞提供者
Ubuntu
0 条评论。