Bugtraq mailing list archives

GnoRPM local /tmp vulnerability

From: Alan Cox <alan () LXORGUK UKUU ORG UK>
Date: Mon, 2 Oct 2000 20:06:14 +0100

While fixing other problems with the gnorpm package a locally exploitable
security hole was found where a normal user could trick root running GnoRPM
into writing to arbitary files due to a bug in the gnorpm tmp file handling.

A new release of GnoRPM (0.95.1) is now available. This fixes significant
numbers of gnorpm bugs including the security hole. Administrators who use
this program on multi-user machines may well want to update it, and anyone
who uses it regularly will probably appreciate the fact it now works rather
better than before.

All versions of GnoRPM before 0.95 are believe vulnerable

MD5Sum:
80521433f88fa09899e9105a24c69ef9        gnorpm-0.95.1.tar.gz

Download sites:
ftp.linux.org.uk:/pub/linux/alan/GNORPM/gnorpm-0.95.1.tar.gz
ftp.gnome.org:/pub/GNOME/stable/sources/gnorpm/gnorpm-0.95.1.tar.gz (soon)

Linux Vendor Update Information:

Conectiva Linux
~~~~~~~~~~~~~~~
ftp://atualizacoes.conectiva.com.br/
        {4.0,4.0es,5.0,5.1,ferramentas/ecommerce,ferramentas/graficas}

MandrakeSoft
~~~~~~~~~~~~
http://www.linux-mandrake.com/cooker/

Red Hat Linux
~~~~~~~~~~~~~
[URLS to be confirmed]

Linux Vendors Not Shipping Gnorpm
        Caldera OpenLinux
        Debian GNU Linux

Current thread:

GnoRPM local /tmp vulnerability Alan Cox (Oct 02)