Linux gpm Denial of Service Vulnerability

Bugtraq ID:	1377
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2000-0531
Remote:	No
Local:	Yes
Published:	Nov 23 1999 12:00AM
Updated:	Jul 11 2009 02:56AM
Credit:	Discovered by Tomasz Grabowski <[email protected]> and exploit/update posted to Bugtraq on June 20, 2000.
Vulnerable:	SCO eServer 2.3 Redhat Linux 6.1 i386 Redhat Linux 6.0 Caldera OpenLinux 2.4 Caldera OpenLinux 2.3
Not Vulnerable:

Linux gpm Denial of Service Vulnerability

gpm is a program that allows Linux users to use the mouse in virtual consoles. It communicates with a device, /dev/gpmctl, via unix domain STREAM sockets and is vulnerable to a locally exploitable denial of service attack. If a malicious user makes too many connections to the device, it will hang and gpm will not function. RedHat 6.1 is confirmed to be vulnerable. It is not known what other linux distributions may also be vulnerable.

Linux gpm Denial of Service Vulnerability

x

• /data/vulnerabilities/exploits/gpm-dos.c

Linux gpm Denial of Service Vulnerability

Solution:
This was patched in RedHat's "Rawhide" release and a fixed version of gpm is available at:

ftp://ftp.redhat.com/pub/Linux/redhat-rawhide/i386/RedHat/RPMS/gpm-1.19.2-1.i386.rpm

Updates for OpenLinux 2.3 and 2.4 are also available from Caldera.


Caldera OpenLinux 2.3

• Caldera gpm-1.17.8-5
  ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/gp m-1.17.8-5.i386.rpm

SCO eServer 2.3

• Caldera eServer 2.3: gpm-1.17.8-5
  ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/gpm- 1.17.8-5.i386.rpm

Caldera OpenLinux 2.4

• Caldera gpm-1.19.2-4
  ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/gpm -1.19.2-4.i386.rpm

Linux gpm Denial of Service Vulnerability

References:

• Updates, Fixes, and Errata Page (RedHat)