Bugtraq mailing list archives

gpm-root initgroups()

From: egmont () FAZEKAS HU (Koblinger Egmont)
Date: Sun, 23 Apr 2000 21:31:20 +0200


Hello!

As reported before, the "gpm-root" daemon in gpm-1.19.0 and earlier lets
the user execute any command with uid=0. gpm-1.19.1 fixed half of the
security hole by calling setuid() and setgid() at the right place but not
calling initgruops().

gpm-1.19.2 is out there, which calls initgroups() correctly, fully
fixing this security hole. Therefore anyone running gpm-root is highly
recommended to upgrade to gpm-1.19.2 or apply its setuid(), setgid() and
initgruops() releated patches.

Best regards
Egmont Koblinger

Current thread:

CVS DoS, (continued)
- - CVS DoS Michal Szymanski (Apr 23)
    - Re: CVS DoS Kris Kennaway (Apr 24)
    - Re: CVS DoS Kris Kennaway (Apr 24)
    - finding Meeting Maker passwords using tcpdump mhpower () MIT EDU (Apr 24)
    - ZoneAlarm Vulnerability Alfred Huger (Apr 25)
    - Solaris Sparc 2.6 & 7 lp/lpset/lpstat root compromise exploit Laurent LEVIER (Apr 25)
    - Re: Solaris Sparc 2.6 & 7 lp/lpset/lpstat root compromise exploit Casper Dik (Apr 26)
    - Re: Solaris Sparc 2.6 & 7 lp/lpset/lpstat root compromise exploit Dimitri Avgoustakis (Apr 26)
    - Re: Solaris Sparc 2.6 & 7 lp/lpset/lpstat root compromise exploit Theodor R. Gislason (Apr 26)
    - SECURITY: UPDATED - RHSA-2000:014 New Piranha release available Cristian Gafton (Apr 26)
  - gpm-root initgroups() Koblinger Egmont (Apr 23)
  - Postgresql cleartext password storage Robert van der Meulen (Apr 23)
    - Re: Postgresql cleartext password storage Alexandru Popa (Apr 24)
  - Re: ZoneAlarm Stephen M. Milton (Apr 24)
- Microsoft Security Bulletin (MS00-027) Microsoft Product Security (Apr 20)
- Remote vulnerability in LCDproc 0.4 Andrew Hobgood (Apr 20)
- Remote DoS attack in RealServer David Cotter (Apr 20)
- CMD.EXE overflow (CISADV000420) Cerberus Security Team (Apr 21)