|
|
|
Vulnerability Note VU#25701
Linux gpm daemon allows arbitrary file removal
Overviewgpm version 1.19.2 and earlier are vulnerable due to a flaw that allows a local user to delete arbitrary files.
I. Descriptiongpm (General Purpose Mouse) is the program that lets you use the mouse in console mode when not using XWindows. It is usually included in Linux distributions, and can be started from the command line or in the startup script /etc/rc.d/rc.local. A vulnerability in gpm version 1.19.2 and earlier allows local users to delete arbitrary files.II. ImpactA user with console access can use this vulnerability to delete any file of his choosing.III. SolutionUpgrade to gpm version 1.19.3 or later.Systems Affected
References
http://www.securityfocus.com/bid/1512
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0667
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000240
http://marc.theaimsgroup.com/?l=bugtraq&m=96473014104340&w=2
http://archives.neohapsis.com/archives/bugtraq/2000-07/0396.html
http://www.caldera.com/support/security/advisories/CSSA-2000-024.0.txt
http://marc.theaimsgroup.com/?l=bugtraq&m=96480812908563&w=2
http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-025.php3?dis=6.0
http://www.redhat.com/support/errata/RHSA-2000-045-01.html
Credit
This document was written by Andy Moore.
Other Information
| Date Public | 07/27/2000 |
| Date First Published | 05/25/2001 02:23:29 PM |
| Date Last Updated | 09/13/2002 |
| CERT Advisory | |
| CVE Name | CAN-2000-0667 |
| Metric | 3.04 |
| Document Revision | 11 |
If you have feedback, comments, or additional information about this vulnerability, please send us
email.
|
 |
