TUCoPS :: Linux :: Apps N-Z :: lnx4904.htm

wmtv root compromise
6th Dec 2001 [SBWID-4904]
COMMAND

	wmtv

SYSTEMS AFFECTED

	wmtv version 0.6.5

PROBLEM

	As reported in  Debian  Security  Advisory  DSA-092-1,  Nicolas  Boullis
	found a nasty security problem in the wmtv (a  dockable  video4linux  tv
	player for windowmaker) package as distributed in Debian GNU/Linux 2.2.
	

	wmtv can optionally run a command if you double-click on the tv  window.
	This command can be specified using the -e command-line option.  However
	since wmtv is installed suid root this command was  also  run  as  root,
	which gives local users a very simple way to get root access.

SOLUTION

	Upgrade.
	

	Under Debian, this has been fixed in version 0.6.5-2potato1.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH