TUCoPS :: Linux :: Apps A-M :: lnx4960.htm

gpm-root local root format string vulnerabilities
28th Dec 2001 [SBWID-4960]
COMMAND

	gpm-root local root format string vulnerabilities

SYSTEMS AFFECTED

	gpm-root 1.17.8-18 (previous versions ??)

PROBLEM

	In Debian Security Advisory DSA-095-1 [http://www.debian.org/security/]
	

	The package \'gpm\' contains the  \'gpm-root\'  program,  which  can  be
	used to  create  mouse-activated  menus  on  the  console.  Among  other
	problems, the gpm-root program contains a format  string  vulnerability,
	which allows an attacker to gain root privileges.
	

	Editors note : --------------
	

	It seems the problem lies in the shell mouse configuration  script  that
	wouldn\'t parse command line arguments properly.  Take  a  look  at  the
	diff.

SOLUTION

	Patch :
	

	http://security.debian.org/dists/stable/updates/main/source/gpm_1.17.8-18.1.diff.gz

	

	

	Use aptget to ugrade binaries

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH