[17003] in bugtraq


GnoRPM local /tmp vulnerability

daemon@ATHENA.MIT.EDU (Alan Cox)
Mon Oct 2 18:48:05 2000

Message-Id:  <E13gAul-0004bG-00@the-village.bc.nu>
Date:         Mon, 2 Oct 2000 20:06:14 +0100
Reply-To: Alan Cox <alan@LXORGUK.UKUU.ORG.UK>
From: Alan Cox <alan@LXORGUK.UKUU.ORG.UK>
To: BUGTRAQ@SECURITYFOCUS.COM

While fixing other problems with the gnorpm package a locally exploitable
security hole was found where a normal user could trick root running GnoRPM
into writing to arbitrary files due to a bug in the gnorpm tmp file handling.

A new release of GnoRPM (0.95.1) is now available. This fixes significant
numbers of gnorpm bugs including the security hole. Administrators who use
this program on multi-user machines may well want to update it, and anyone
who uses it regularly will probably appreciate the fact it now works rather
better than before.

All versions of GnoRPM before 0.95 are believed vulnerable.

MD5Sum:
80521433f88fa09899e9105a24c69ef9	gnorpm-0.95.1.tar.gz

Download sites:
ftp.linux.org.uk:/pub/linux/alan/GNORPM/gnorpm-0.95.1.tar.gz
ftp.gnome.org:/pub/GNOME/stable/sources/gnorpm/gnorpm-0.95.1.tar.gz (soon)

Linux Vendor Update Information:

Conectiva Linux
~~~~~~~~~~~~~~~
ftp://atualizacoes.conectiva.com.br/
	{4.0,4.0es,5.0,5.1,ferramentas/ecommerce,ferramentas/graficas}

MandrakeSoft
~~~~~~~~~~~~
http://www.linux-mandrake.com/cooker/

Red Hat Linux
~~~~~~~~~~~~~
[URLS to be confirmed]

Linux Vendors Not Shipping Gnorpm
	Caldera OpenLinux
	Debian GNU Linux
