Description
gpm-root in the gpm package does not properly drop privileges, which allows local users to gain privileges by starting a utility from gpm-root.
Affected products
- alessandro_rubini / gpm1.18.1 – 1.18.1
- alessandro_rubini / gpm1.19 – 1.19
- Debian / debian_linux2.0 – 2.0
- Debian / debian_linux2.1 – 2.1
- Debian / debian_linux2.2 – 2.2
- Debian / debian_linux2.2 – 2.2
- RedHat / linux6.0 – 6.0
- RedHat / linux6.1 – 6.1
- RedHat / linux6.2 – 6.2
- SUSE / suse_linux5.3 – 5.3
- SUSE / suse_linux6.0 – 6.0
- SUSE / suse_linux6.1 – 6.1
- SUSE / suse_linux6.2 – 6.2
- SUSE / suse_linux6.3 – 6.3
References
- MISChttp://www.redhat.com/support/errata/RHSA-2000-045.html
- MISChttp://archives.neohapsis.com/archives/bugtraq/2000-03/0242.html
- MISChttp://www.securityfocus.com/bid/1069
- MISChttp://www.redhat.com/support/errata/RHSA-2000-009.html
- VENDOR_ADVISORYhttp://www.novell.com/linux/security/advisories/suse_security_announce_45.html