Bugtraq mailing list archives
GnoRPM local /tmp vulnerability
From: Alan Cox <alan () LXORGUK UKUU ORG UK>
Date: Mon, 2 Oct 2000 20:06:14 +0100
While fixing other problems with the gnorpm package a locally exploitable security hole was found where a normal user could trick root running GnoRPM into writing to arbitrary files due to a bug in the gnorpm tmp file handling.

A new release of GnoRPM (0.95.1) is now available. This fixes significant numbers of gnorpm bugs including the security hole. Administrators who use this program on multi-user machines may well want to update it, and anyone who uses it regularly will probably appreciate the fact it now works rather better than before.

All versions of GnoRPM before 0.95 are believed vulnerable.

MD5Sum: 80521433f88fa09899e9105a24c69ef9 gnorpm-0.95.1.tar.gz

Download sites:
ftp.linux.org.uk:/pub/linux/alan/GNORPM/gnorpm-0.95.1.tar.gz
ftp.gnome.org:/pub/GNOME/stable/sources/gnorpm/gnorpm-0.95.1.tar.gz (soon)

Linux Vendor Update Information:

Conectiva Linux
~~~~~~~~~~~~~~~
ftp://atualizacoes.conectiva.com.br/ {4.0,4.0es,5.0,5.1,ferramentas/ecommerce,ferramentas/graficas}

MandrakeSoft
~~~~~~~~~~~~
http://www.linux-mandrake.com/cooker/

Red Hat Linux
~~~~~~~~~~~~~
[URLS to be confirmed]

Linux Vendors Not Shipping Gnorpm

Caldera OpenLinux
Debian GNU Linux