
List:       secunia-sec-adv
Subject:    [SA11738] Debian GATOS xatitv Potential Privilege Escalation Vulnerability
From:       Secunia Security Advisories <sec-adv () secunia ! com>
Date:       2004-05-31 8:28:48
Message-ID: 200405310828.i4V8SmYG014623 () secunia ! com


TITLE:
Debian GATOS xatitv Potential Privilege Escalation Vulnerability

SECUNIA ADVISORY ID:
SA11738

VERIFY ADVISORY:
http://secunia.com/advisories/11738/

CRITICAL:
Not critical

IMPACT:
Privilege escalation

WHERE:
Local system

OPERATING SYSTEM:
Debian GNU/Linux unstable alias sid
Debian GNU/Linux 3.0

DESCRIPTION:
Debian has issued an update for gatos. This fixes a vulnerability
that can potentially be exploited by malicious local users to gain
escalated privileges.

The vulnerability is caused by an error within xatitv during
initialisation. As a result, the program may fail to drop its root
privileges before executing "system()", and it does so without
sanitising user-supplied environment variables.

Successful exploitation may grant root privileges but requires that
no configuration file is present (a default configuration file is
included).

SOLUTION:
Apply updated packages.

-- Debian GNU/Linux 3.0 alias woody --

Source archives:

http://security.debian.org/pool/updates/main/g/gatos/gatos_0.0.5-6woody1.dsc
Size/MD5 checksum: 629 73d7637956bdcc827fb3c9be500902a0
http://security.debian.org/pool/updates/main/g/gatos/gatos_0.0.5-6woody1.diff.gz
Size/MD5 checksum: 40666 2ff18e9bbf71ea71ce9b2a43486c8cc6
http://security.debian.org/pool/updates/main/g/gatos/gatos_0.0.5.orig.tar.gz
Size/MD5 checksum: 483916 9c16631afc933bde6f5d5e1421efddb7

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/g/gatos/gatos_0.0.5-6woody1_i386.deb
Size/MD5 checksum: 176268 d64a2e508adbd6423c6a0bbf2426c11b
http://security.debian.org/pool/updates/main/g/gatos/libgatos-dev_0.0.5-6woody1_i386.deb
Size/MD5 checksum: 109416 81ada7ba7f2d0d44d2cf107154a2cd93
http://security.debian.org/pool/updates/main/g/gatos/libgatos0_0.0.5-6woody1_i386.deb
Size/MD5 checksum: 75040 4c2f9aea5082612027d520bab82dbff5


-- Debian GNU/Linux unstable alias sid --

The vulnerability will reportedly be fixed soon.

PROVIDED AND/OR DISCOVERED BY:
Steve Kemp

ORIGINAL ADVISORY:
http://www.debian.org/security/2004/dsa-509

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------
