#Tomcat de #Ubuntu presenta #Vulnerabilidades
Vulnerabilidades en Tomcat
Una serie de vulnerabilidades afectan las siguientes versiones de Ubuntu:
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10
Tambien aplica a las versiones de:
Kubuntu, Edubuntu y Xubuntu.
El problema se puede resolver actualizando el sistema, les dejo los links para cada una de las versiones:
Ubuntu 9.10:
libtomcat6-java 6.0.20-2ubuntu2.4
tomcat6-admin 6.0.20-2ubuntu2.4
Ubuntu 10.04 LTS:
libtomcat6-java 6.0.24-2ubuntu1.7
tomcat6-admin 6.0.24-2ubuntu1.7
Ubuntu 10.10:
libtomcat6-java 6.0.28-2ubuntu1.2
tomcat6-admin 6.0.28-2ubuntu1.2
En general, al actualizar el sistema este realizará los cambios necesarios para esta vulnerabilidad.
Para Ubuntu 9.10:
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.20-2ubuntu2.4.diff.gz
Size/MD5: 30146 368440fa70bc0db3761dabf5f2709dda
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.20-2ubuntu2.4.dsc
Size/MD5: 2199 24aa6255ebff7bd1eb07dfa60724e814
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.20.orig.tar.gz
Size/MD5: 3590562 44f49e7e14028b6a53c3c346bd18c72f
Paquetes de Arquitectura Independiente:
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java-doc_6.0.20-2ubuntu2.4_all.deb
Size/MD5: 247668 768a68b87440f30367d7411d0577d165
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java_6.0.20-2ubuntu2.4_all.deb
Size/MD5: 183426 ed8f02b43e199f809f41fae880766e87
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libtomcat6-java_6.0.20-2ubuntu2.4_all.deb
Size/MD5: 2915040 4a12a41f6d19bd3b6ed60689ead5d006
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-admin_6.0.20-2ubuntu2.4_all.deb
Size/MD5: 39302 c03eff75d4c4ae56b31f93665851a13a
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-common_6.0.20-2ubuntu2.4_all.deb
Size/MD5: 37028 5ecbb0f812963199b14d75f122f6e6f1
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-docs_6.0.20-2ubuntu2.4_all.deb
Size/MD5: 480530 f6b5cef256b51db43e6312aed3036bf6
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-examples_6.0.20-2ubuntu2.4_all.deb
Size/MD5: 419566 dbc1ceb31ccbd312b3b6e33bd1a852a2
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-user_6.0.20-2ubuntu2.4_all.deb
Size/MD5: 22166 68229ede69d18279fb42e8860b85dcb4
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.20-2ubuntu2.4_all.deb
Size/MD5: 26564 e476efe024c88de1af97d90e741f6861
Para Ubuntu 10.04 LTS:
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.24-2ubuntu1.7.debian.tar.gz
Size/MD5: 36286 14073ec9f0672f44cc6a32235e81c29d
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.24-2ubuntu1.7.dsc
Size/MD5: 2405 6b7d220adbe7cd6be08219e82d9aa455
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.24.orig.tar.gz
Size/MD5: 3262568 0bc48af723d6fee31e404434b3744f66
Paquetes de Arquitectura Independiente:
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java-doc_6.0.24-2ubuntu1.7_all.deb
Size/MD5: 255654 3ce49af59adc048b9d09f8835872def6
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java_6.0.24-2ubuntu1.7_all.deb
Size/MD5: 190998 5ada256123bf0f2caed7997bafc5a64f
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libtomcat6-java_6.0.24-2ubuntu1.7_all.deb
Size/MD5: 3008834 98b54b99e32a9438303232367b66d607
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-admin_6.0.24-2ubuntu1.7_all.deb
Size/MD5: 42308 50bc5b02ee89bcfb03db3008923b55de
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-common_6.0.24-2ubuntu1.7_all.deb
Size/MD5: 46510 5be3c6ac05b1abd929f43b0fcfe48b90
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-docs_6.0.24-2ubuntu1.7_all.deb
Size/MD5: 510134 6a08a6206e048f73c57bb47e666e6033
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-examples_6.0.24-2ubuntu1.7_all.deb
Size/MD5: 158016 ba1ac786b1bae3b826b8760a0de2e2ff
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-user_6.0.24-2ubuntu1.7_all.deb
Size/MD5: 25632 047bb156942e60dddb28002002c0bf82
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.24-2ubuntu1.7_all.deb
Size/MD5: 31636 24c8c29feaa4d0e54e47f4fcd521d7b8
Para Ubuntu 10.10:
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.28-2ubuntu1.2.debian.tar.gz
Size/MD5: 38583 a37a9a0eb6c8b47c02e68d3b2abf7bad
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.28-2ubuntu1.2.dsc
Size/MD5: 2360 7195e057f375b37fb6bee143379aa709
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.28.orig.tar.gz
Size/MD5: 3114279 c3d696609054be07a55c14a7de1b8ddf
Paquetes de Arquitectura Independiente:
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java-doc_6.0.28-2ubuntu1.2_all.deb
Size/MD5: 248152 d369aba28ffd0f4915cdfa5df802e8b2
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libservlet2.5-java_6.0.28-2ubuntu1.2_all.deb
Size/MD5: 191768 6825151048eb76f3e689a544c8556b02
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/libtomcat6-java_6.0.28-2ubuntu1.2_all.deb
Size/MD5: 3025748 2a472cf2b6cb4db888267bc0929d6bf3
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-admin_6.0.28-2ubuntu1.2_all.deb
Size/MD5: 42910 2ece5f8876f3af69148d6e43fc76d5d5
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-common_6.0.28-2ubuntu1.2_all.deb
Size/MD5: 47558 f5e5851d790a889592ec76e39553a9a7
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-docs_6.0.28-2ubuntu1.2_all.deb
Size/MD5: 514046 759531246db94fed8d60aa3acf875e9a
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-examples_6.0.28-2ubuntu1.2_all.deb
Size/MD5: 161072 ce091b828050a221a1b79665a3e36e9b
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6-user_6.0.28-2ubuntu1.2_all.deb
Size/MD5: 26196 cf4d5b3b1f61f30fe244cc51d11f1c10
http://security.ubuntu.com/ubuntu/pool/main/t/tomcat6/tomcat6_6.0.28-2ubuntu1.2_all.deb
Size/MD5: 33088 1dbe58b7fda5951c3192f57671cb54bb
Espero que les ayude y les sea de utilidad, no olvides dejar tu comentario.
Reciban un cordial saludo.
Victor Miranda
Professional Ethical Hacker, Pentester & Forensics Investigator MPCS, CEH v8, CSSP, CICP-CICAP HTCIA Member & ISECOM Member Twitter: @victormirandamx