From cog@seul.org Sat Apr 15 01:19:07 2000
From: David Webster
To: independence-l@independence.seul.org
Cc: jericho@attrition.org
Date: Fri, 14 Apr 2000 17:36:05 +0100 (BST)
Reply-To: cognition@bigfoot.com
Subject: PISA-13-APR-00-003

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://www.independence.seul.org/security/2000/files/PISA-13-APR-00-003:

 .------------------------------------------------.
 |**** Project Independence Security Advisory ****|
 `-----------* ID: PISA-13-APR-00-003 *-----------'

Issued by:   David Webster
Issue Date:  13-APR-00

Overview:    Part of the gpm package (gpm-root) fails to fully drop root
             (gid=0) privileges when executing user commands.

Affected:    All systems running gpm-root on Independence 6.0-0.8 and 6.2
             built prior to the above date.

References:  RHSA-2000:009-02
             (http://www.redhat.com/support/errata/RHSA-2000009-02.html)
             http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000322182143.4498.qmail@securityfocus.com

-=-=-==-=-=-

Detailed Problem Description:

gpm is a cut-and-paste utility and mouse server for virtual consoles. As
part of this package, the gpm-root program allows users to define menus
and actions that are displayed when clicking on the background of the
current tty.

gpm-root, which runs with root privileges, fails to correctly give up its
group id 0 membership before executing the commands behind user-defined
menus: the command runs as the user, but still as gid 0, and so retains
write access to every group-0-writable file on the system. If you are
running gpm-root on your system then you are at risk.

Solution:

Update the affected RPM packages by downloading and installing the RPMs
listed below. For each RPM, run:

    root# rpm -Fvh <filename>

where <filename> is the name of the RPM.

[Note: You need only install EITHER the compiled RPM (*.i386.rpm) OR the
source RPM (*.src.rpm), NOT both.]

RPMs:
    http://independence.seul.org/security/2000/rpms/gpm-1.19.1-1.i386.rpm
    ftp://updates.redhat.com/6.2/i386/gpm-1.19.1-1.i386.rpm

Source RPMs:
    http://independence.seul.org/security/2000/rpms/gpm-1.19.1-1.src.rpm
    ftp://updates.redhat.com/6.2/SRPMS/gpm-1.19.1-1.src.rpm

Verification:

MD5 sum                           Package Name
- --------------------------------------------------------------------------
86a800ce94206877edc4f6e88272deee  gpm-1.19.1-1.i386.rpm
8dedce47f4e6aa7bbfb36d9630561cd4  gpm-1.19.1-1.src.rpm
- --------------------------------------------------------------------------

These packages are GPG signed by Red Hat, Inc. for security. Their key is
available at:

    http://www.redhat.com/corp/contact.html

You can verify each package with the following command:

    rpm --checksig <filename>

If you only wish to verify that each package has not been corrupted in
transit, examine only the md5sum with the following command:

    rpm --checksig --nogpg <filename>

Note that the MD5 check alone only proves that the file matches the digest
it carries; it does not prove who built it. To guard against a substituted
package, compare the sums against the table above (which is covered by this
advisory's PGP signature) or run the full GPG check.

This security advisory, and all future ones, should be signed by me,
David Webster (aka cognition), with key ID: 45 FA C2 83

An archive of these messages can be found on:

    http://independence.seul.org/security/

[Note: these problems were discovered, and fixed, by Red Hat. Thanks also
go to Egmont Koblinger and the members of the Bugtraq list.]

 .---------------------------------------------------.
 | Any problems regarding this, or future advisories |
 | should be emailed to me:                          |
 `---------------------------------------------------'

-----BEGIN PGP SIGNATURE-----
Comment: David Webster (aka cogNiTioN)

iD8DBQE490kRDdLNO0X6woMRAjBgAKCM/IgIXXgLY0TA4XuJzqIjFUvQSACg2HDZ
ykET2pL2OqD9N9mds5gNGxA=
=IxPe
-----END PGP SIGNATURE-----
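As an added illustration of the class of bug the advisory describes (this is not code from gpm, from Red Hat or from the advisory, which does not quote gpm-root's source), the C program below shows the general shape of the defect and its remedy: a root process that calls setuid() alone keeps gid 0 and root's supplementary groups, whereas a correct drop clears the supplementary groups and the gid before the uid and then verifies that nothing root-owned remains. The `struct creds` snapshot, the `root_fully_dropped` audit, the `drop_uid_only` / `drop_root_completely` pair and the 64-entry group buffer are all constructed for this example.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Snapshot of a process's credentials. Kept as plain data so the audit
 * below can be exercised on constructed values without being root. */
struct creds {
    uid_t ruid, euid;
    gid_t rgid, egid;
    const gid_t *groups;   /* supplementary groups */
    int ngroups;
};

/* Returns 1 only if no trace of uid 0 or gid 0 remains: real and effective
 * uid, real and effective gid, and every supplementary group must be
 * non-zero. A gid 0 left anywhere is the gpm-root class of bug. */
int root_fully_dropped(const struct creds *c)
{
    if (c->ruid == 0 || c->euid == 0) return 0;
    if (c->rgid == 0 || c->egid == 0) return 0;
    for (int i = 0; i < c->ngroups; i++)
        if (c->groups[i] == 0) return 0;
    return 1;
}

/* Fill *c with the calling process's live credentials. The supplementary
 * list is written into buf (at most bufsize entries). Returns 0 on
 * success, -1 if the list does not fit or getgroups() fails. */
int capture_creds(struct creds *c, gid_t *buf, int bufsize)
{
    int n = getgroups(bufsize, buf);
    if (n < 0) return -1;
    c->ruid = getuid();  c->euid = geteuid();
    c->rgid = getgid();  c->egid = getegid();
    c->groups = buf;     c->ngroups = n;
    return 0;
}

/* The flawed pattern: only the uid is changed. The process keeps gid 0 and
 * whatever supplementary groups root had, so a command spawned afterwards
 * still has group-0 access. Shown for contrast only. */
int drop_uid_only(uid_t uid)
{
    return setuid(uid);
}

/* The correct pattern. Order matters: setgroups() and setgid() need
 * CAP_SETGID, which is gone once the uid is no longer 0, so they go first.
 * Called as root, setgid()/setuid() set real, effective and saved ids.
 * Returns 0 if every id changed and root cannot be regained, -1 otherwise
 * (errno set by the failing call, or EINVAL/EPERM by the checks here). */
int drop_root_completely(uid_t uid, gid_t gid)
{
    gid_t buf[64];
    struct creds c;

    if (uid == 0 || gid == 0) { errno = EINVAL; return -1; }
    if (setgroups(1, &gid) != 0) return -1;   /* only the target gid */
    if (setgid(gid) != 0)        return -1;
    if (setuid(uid) != 0)        return -1;

    /* Verify rather than trust: regaining root must now fail ... */
    if (setuid(0) == 0 || setgid(0) == 0) { errno = EPERM; return -1; }
    /* ... and no id anywhere may still be 0. */
    if (capture_creds(&c, buf, 64) != 0) return -1;
    if (!root_fully_dropped(&c)) { errno = EPERM; return -1; }
    return 0;
}

/* Stand-alone use: audit the current process; if run as root with a
 * target uid and gid on the command line, drop to them first. */
int main(int argc, char **argv)
{
    gid_t buf[64];
    struct creds c;

    if (argc == 3 && geteuid() == 0) {
        uid_t uid = (uid_t)strtoul(argv[1], NULL, 10);
        gid_t gid = (gid_t)strtoul(argv[2], NULL, 10);
        if (drop_root_completely(uid, gid) != 0) {
            perror("drop_root_completely");
            return 1;
        }
    }
    if (capture_creds(&c, buf, 64) != 0) { perror("getgroups"); return 1; }
    printf("uid %u/%u gid %u/%u groups %d: root %s dropped\n",
           (unsigned)c.ruid, (unsigned)c.euid, (unsigned)c.rgid,
           (unsigned)c.egid, c.ngroups,
           root_fully_dropped(&c) ? "fully" : "NOT fully");
    return root_fully_dropped(&c) ? 0 : 1;
}
```

The audit deliberately includes the supplementary group list: `id` shows it as `groups=`, and a setuid() that is not preceded by setgroups() leaves root's entire list behind even when the primary gid is fixed. On systems where setuid() as root does not set the saved uid, use setresuid()/setresgid() in place of setuid()/setgid(); the verification step (trying to regain uid 0 and re-auditing) is what catches that class of mistake.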