Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

GnoRPM local /tmp vulnerability
From: Alan Cox <alan () LXORGUK UKUU ORG UK>
Date: Mon, 2 Oct 2000 20:06:14 +0100
While fixing other problems with the gnorpm package a locally exploitable
security hole was found where a normal user could trick root running GnoRPM
into writing to arbitary files due to a bug in the gnorpm tmp file handling.

A new release of GnoRPM (0.95.1) is now available. This fixes significant
numbers of gnorpm bugs including the security hole. Administrators who use
this program on multi-user machines may well want to update it, and anyone
who uses it regularly will probably appreciate the fact it now works rather
better than before.

All versions of GnoRPM before 0.95 are believe vulnerable

MD5Sum:
80521433f88fa09899e9105a24c69ef9        gnorpm-0.95.1.tar.gz

Download sites:
ftp.linux.org.uk:/pub/linux/alan/GNORPM/gnorpm-0.95.1.tar.gz
ftp.gnome.org:/pub/GNOME/stable/sources/gnorpm/gnorpm-0.95.1.tar.gz (soon)

Linux Vendor Update Information:

Conectiva Linux
~~~~~~~~~~~~~~~
ftp://atualizacoes.conectiva.com.br/
        {4.0,4.0es,5.0,5.1,ferramentas/ecommerce,ferramentas/graficas}

MandrakeSoft
~~~~~~~~~~~~
http://www.linux-mandrake.com/cooker/

Red Hat Linux
~~~~~~~~~~~~~
[URLS to be confirmed]

Linux Vendors Not Shipping Gnorpm
        Caldera OpenLinux
        Debian GNU Linux

  By Date           By Thread  

Current thread:
  • GnoRPM local /tmp vulnerability Alan Cox (Oct 02)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]