Linux gpm File Removal Vulnerability

BID:1512

Info

Bugtraq ID: 1512
Class: Unknown
CVE: CVE-2000-0667
Remote: No
Local: Yes
Published: Jul 27 2000 12:00AM
Updated: Jul 11 2009 02:56AM
Credit: This vulnerability was first reported in a Conectiva Linux advisory on July 27, 2000.
Vulnerable:
Not Vulnerable:

Discussion

GPM is a mouse server for the Linux console. There is a vulnerability in the gpm package shipped with several versions of Conectiva Linux that could allow an attacker to remove arbitrary files.

Exploit / POC

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Solution:
From the Conectiva Linux Advisory:

SOLUTION
All users should upgrade.
This upgrade also requires an updated version of the PAM package,
which is also listed below.

DIRECT DOWNLOAD LINKS TO UPDATED PACKAGES
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/i386/gpm-1.19.3-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/i386/gpm-devel-1.19.3-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/i386/pam-0.72-15cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0es/i386/gpm-1.19.3-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0es/i386/gpm-devel-1.19.3-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0es/i386/pam-0.72-15cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/i386/gpm-1.19.3-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/i386/gpm-devel-1.19.3-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/i386/pam-0.72-15cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/i386/gpm-1.19.3-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/i386/gpm-devel-1.19.3-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/i386/pam-0.72-15cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/gpm-1.19.3-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/gpm-devel-1.19.3-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/pam-0.72-15cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.1/i386/gpm-1.19.3-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.1/i386/gpm-devel-1.19.3-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.1/i386/pam-0.72-15cl.i386.rpm

DIRECT LINK TO THE SOURCE PACKAGES
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/SRPMS/gpm-1.19.3-1cl.src.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/SRPMS/pam-0.72-15cl.src.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0es/SRPMS/gpm-1.19.3-1cl.src.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0es/SRPMS/pam-0.72-15cl.src.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/SRPMS/gpm-1.19.3-1cl.src.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/SRPMS/pam-0.72-15cl.src.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/SRPMS/gpm-1.19.3-1cl.src.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/SRPMS/pam-0.72-15cl.src.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/SRPMS/gpm-1.19.3-1cl.src.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/SRPMS/pam-0.72-15cl.src.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.1/SRPMS/gpm-1.19.3-1cl.src.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.1/SRPMS/pam-0.72-15cl.src.rpm

Mandrake:
Please verify these md5 checksums of the updates prior to upgrading to
ensure the integrity of the downloaded package. You can do this by
running the md5sum program on the downloaded package by using
"md5sum package.rpm".

Linux-Mandrake 6.0:
8c7088606cf9b840969fa7937186fab5 6.0/RPMS/gpm-1.19.2-4mdk.i586.rpm
30c50ead5ce218d33e4f37fd6e20dc0b 6.0/RPMS/gpm-devel-1.19.2-4mdk.i586.rpm
dfa3f0e0a000e0443eb6f9ef2c7e75d9 6.0/SRPMS/gpm-1.19.2-4mdk.src.rpm

Linux-Mandrake 6.1:
1af817e7dda71d8e4bfa42c70c516d8f 6.1/RPMS/gpm-1.19.2-4mdk.i586.rpm
b5a6fd08bedb1c1e40711359bf16b44a 6.1/RPMS/gpm-devel-1.19.2-4mdk.i586.rpm
dfa3f0e0a000e0443eb6f9ef2c7e75d9 6.1/SRPMS/gpm-1.19.2-4mdk.src.rpm

Linux-Mandrake 7.0:
4267f1d250bfe98a63e48c30ef472acd 7.0/RPMS/gpm-1.19.2-4mdk.i586.rpm
14bbffe0d74d4422068fe9c67dfed9b3 7.0/RPMS/gpm-devel-1.19.2-4mdk.i586.rpm
f44743a91edf6eaa1758500d9d4c15d0 7.0/SRPMS/gpm-1.19.2-4mdk.src.rpm

Linux-Mandrake 7.1:
630d939d8159f79a8eae5f9823591064 7.1/RPMS/gpm-1.19.2-4mdk.i586.rpm
43ca39afe363d915f474041b84725a35 7.1/RPMS/gpm-devel-1.19.2-4mdk.i586.rpm
dfa3f0e0a000e0443eb6f9ef2c7e75d9 7.1/SRPMS/gpm-1.19.2-4mdk.src.rpm
________________________________________________________________________

To upgrade automatically, use < MandrakeUpdate >.

If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with "rpm -Uvh package_name".

You can download the updates directly from:
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates
ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates

Or try one of the other mirrors listed at:

http://www.linux-mandrake.com/en/ftp.php3.

Updated packages are available in the "updates/[ver]/RPMS/" directory.
For example, if you are looking for an updated RPM package for
Linux-Mandrake 7.1, look for it in "updates/7.1/RPMS/". Updated source
RPMs are available as well, but you generally do not need to download
them.

Please be aware that sometimes it takes the mirrors a few hours to
update, so if you want an immediate upgrade, please use one of the two
above-listed mirrors.
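
Added example, not part of either advisory: a shell helper for the verify-then-upgrade steps above. It assumes the Mandrake checksum lines have been saved to a text file, and it matches on the release directory as well as the file name because the same package name is listed with a different checksum for each release. The function and script names are hypothetical.

```shell
#!/bin/sh
# Added example (constructed helper; function names are hypothetical).
# Checksum list format, as in the advisory text:
#   <md5> <release>/<RPMS|SRPMS>/<file name>

# expected_md5 LIST RELEASE FILE
# Print the checksum published for FILE under RELEASE; fail if it is not listed.
expected_md5() {
    awk -v rel="$2" -v name="$(basename "$3")" '
        NF == 2 && length($1) == 32 {
            n = split($2, p, "/")
            # Append "" to force string comparison ("7.1" must not equal "7.10").
            if ((p[1] "") == (rel "") && p[n] == name) {
                print tolower($1); found = 1; exit
            }
        }
        END { exit !found }' "$1"
}

# verify_update LIST RELEASE FILE
# Returns 0 on match, 1 on mismatch or unreadable file,
# 2 if FILE has no entry for RELEASE in LIST.
verify_update() {
    [ -r "$3" ] || return 1
    want=$(expected_md5 "$1" "$2" "$3") || return 2
    have=$(md5sum "$3" | awk '{ print tolower($1) }')
    [ "$want" = "$have" ]
}

# Usage: sh verify_update.sh checksums.txt 7.1 gpm-1.19.2-4mdk.i586.rpm
if [ "$#" -eq 3 ]; then
    if verify_update "$@"; then
        echo "checksum OK, install with: rpm -Uvh $3"
    else
        echo "checksum not verified, do not install: $3" >&2
        exit 1
    fi
fi
```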
