---------------------------------------------------------------------- Do you need accurate and reliable IDS / IPS / AV detection rules? Get in-depth vulnerability details: http://secunia.com/binary_analysis/sample_analysis/ ---------------------------------------------------------------------- TITLE: Ubuntu update for system-tools-backends SECUNIA ADVISORY ID: SA32566 VERIFY ADVISORY: http://secunia.com/advisories/32566/ CRITICAL: Not critical IMPACT: Brute force WHERE: >From remote OPERATING SYSTEM: Ubuntu Linux 8.10 http://secunia.com/advisories/product/20299/ DESCRIPTION: Ubuntu has issued an update for system-tools-backend. This fixes a weakness, which can be exploited by malicious people to conduct brute force attacks. The weakness is caused due to the "Users and Groups" tool using 3DES instead of MD5 when setting passwords for users. This may weaken the security as passwords are limited to 8 characters. SOLUTION: Apply updated packages. -- Ubuntu 8.10 -- Source archives: http://security.ubuntu.com/ubuntu/pool/main/s/system-tools-backends/system-tools-backends_2.6.0-1ubuntu1.1.diff.gz Size/MD5: 11981 0a9e19e908466dca073aafdbca052e10 http://security.ubuntu.com/ubuntu/pool/main/s/system-tools-backends/system-tools-backends_2.6.0-1ubuntu1.1.dsc Size/MD5: 1585 cc8c71def106ad81fa59c45bae82790d http://security.ubuntu.com/ubuntu/pool/main/s/system-tools-backends/system-tools-backends_2.6.0.orig.tar.gz Size/MD5: 567711 913530493fa6cff6e797f4c888641d42 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/s/system-tools-backends/system-tools-backends-dev_2.6.0-1ubuntu1.1_all.deb Size/MD5: 14022 b1ba12e53953c0ee1449a8605232fabb amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/s/system-tools-backends/system-tools-backends_2.6.0-1ubuntu1.1_amd64.deb Size/MD5: 113012 89e50d2b48202e6e5b4c2da8b06dff1c i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/s/system-tools-backends/system-tools-backends_2.6.0-1ubuntu1.1_i386.deb Size/MD5: 111786 f4f2c2a8808320cde6b1ee8105550dec lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/s/system-tools-backends/system-tools-backends_2.6.0-1ubuntu1.1_lpia.deb Size/MD5: 111740 23882632c5460e7afbc3e04c6782c8dc powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/s/system-tools-backends/system-tools-backends_2.6.0-1ubuntu1.1_powerpc.deb Size/MD5: 114390 1fcb07972e510878a1cb8668efb26f5b sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/s/system-tools-backends/system-tools-backends_2.6.0-1ubuntu1.1_sparc.deb Size/MD5: 112456 6e27917fa2fa9371f518e9f04cc34c6d PROVIDED AND/OR DISCOVERED BY: Reported in a bug by Ivan Zorin. ORIGINAL ADVISORY: USN-663-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-November/000771.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------