Originally Published: Saturday, 27 May 2000 Author: Alexander Reelsen
Published to: news_enhance_security/Security News Page: 1/1 - [Printable]

TurboLinux Security Announcement - gpm

A security announcement concerning gpm on TurboLinux, where gpm can lead to root privileges.

   Page 1 of 1  

From: "Katherine M. Moussouris" To: tl-security-announce@turbolinux.com Subject: [TL-Security-Announce] gpm TLSA2000011-1


TurboLinux Security Announcement

Package: gpm-1.19.1 and earlier Date: Fri May 26 18:13:46 PDT 2000 Affected TurboLinux versions: 6.0.4 and earlier Vulnerability Type: local root compromise TurboLinux Advisory ID#: TLSA2000011-1 BugTraq ID#: 1069 Credits: This vulnerability was posted to Bugtraq by Egmont Koblinger. ______________________________________________________________________________

A security hole was discovered in the package mentioned above. Please update the package in your installation as soon as possible or disable the service. ______________________________________________________________________________ 1. Problem Summary

The gpm-root program, included in the gpm package, contains a programming error whereby a call to setgid() fails, and defaults to the group of the gpm-root binary. The group for the gpm-root binary in the affected installations is root. 2. Impact

A user with console access can use this vulnerability to execute arbitrary commands with elevated priviledges.

3. Solution

Update the packages from our ftp server by running the following command for each package: rpm -Fvh ftp_path_to_filename

Where ftp_path_to_filename is the following:

ftp://ftp.turbolinux.com/pub/updates/6.0/security/gpm-1.19.2-5.i386.rpm ftp://ftp.turbolinux.com/pub/updates/6.0/security/gpm-devel-1.19.2-5.i386.rpm

The source RPM can be downloaded here:

ftp://ftp.turbolinux.com/pub/updates/6.0/SRPMS/gpm-1.19.2-5.src.rpm **Note: You must rebuild and install the RPM if you choose to download and install the SRPM. Simply installing the SRPM alone WILL NOT CLOSE THE SECURITY HOLE.

Please verify the MD5 checksum of the update before you install:

MD5 sum Package Name - ------------------------------------------------------------ 509dfa5effac6a33611420c8eb2913f6 gpm-1.19.2-5.i386.rpm 270376d6f9dcf3c37207bf6b8265e5a2 gpm-devel-1.19.2-5.i386.rpm

c25705ec1fb6c0c28579e0c9a9943d29 gpm-1.19.2-5.src.rpm ______________________________________________________________________________

   Page 1 of 1