[ldm] [CVE-2008-1293] information disclosure

Bug #227295 reported by disabled.user
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| ldm (Debian) | Fix Released | Unknown | | |
| ldm (Ubuntu) | Fix Released | Medium | Oliver Grawert | |
| Dapper | Fix Released | Medium | Oliver Grawert | |
| Feisty | Fix Released | Medium | Oliver Grawert | |
| Gutsy | Fix Released | Medium | Oliver Grawert | |

Declined for Hardy by Oliver Grawert
Declined for Intrepid by Oliver Grawert

Bug Description

Binary package hint: ldm

References:
DSA-1561-1 (http://www.debian.org/security/2008/dsa-1561)

Quoting:
"Christian Herzog discovered that within the Linux Terminal Server Project,
it was possible to connect to X on any LTSP client from any host on the
network, making client windows and keystrokes visible to that host."

Oliver Grawert (ogra) wrote :

This is fixed in hardy and intrepid.

Oliver Grawert (ogra) wrote :

Confirmed for dapper, feisty and gutsy.

Changed in ldm:
status: New → Confirmed
Changed in ldm:
status: Unknown → Fix Released
Kees Cook (kees)
Changed in ldm:
assignee: nobody → keescook
status: Confirmed → In Progress
Kees Cook (kees) wrote :
Changed in ldm:
status: In Progress → Fix Released
assignee: nobody → ogra
importance: Undecided → Medium
status: New → Fix Released
assignee: nobody → ogra
importance: Undecided → Medium
status: New → Fix Released
assignee: nobody → ogra
importance: Undecided → Medium
status: New → Fix Released
assignee: keescook → ogra
importance: Undecided → Medium
emmanuel (emmanuel-inl) wrote :

I can't log in anymore with this correction ...

Here is a better patch (I can add LM_DIRECTX to true and I can log in with .Xauthority)

Changed in ldm:
status: Fix Released → Invalid
Kees Cook (kees) wrote :

Please open a new bug if you're experiencing regressions.

Changed in ldm:
status: Invalid → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
