drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Problem bei gesetztem suid-Bit in links
Name: |
Problem bei gesetztem suid-Bit in links
|
|
ID: |
|
|
Distribution: |
Gentoo |
|
Plattformen: |
Keine Angabe |
|
Datum: |
Di, 1. Oktober 2002, 13:00 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
Links |
|
Originalnachricht |
--=.)TVQAGF'Stt1_8 Content-Transfer-Encoding: 7bit
-------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT --------------------------------------------------------------------
PACKAGE :links SUMMARY :local exploit possibility DATE :Tue Oct 1 03:47:05 UTC 2002
--------------------------------------------------------------------
OVERVIEW
The /usr/bin/links2 binary installed by links-2* ebuilds have had their setuid bits set by default if the package was compiled with "svga" in USE.
DETAIL
The fact that this can be used in a local root exploit prompted us to change the default setting. Now, if the user has "svga" in USE, they will be prompted in the postinstall stages to set the suid bit on /usr/bin/links2 themselves. For details please see:
http://bugs.gentoo.org/show_bug.cgi?id=8556
SOLUTION
It is recommended that all Gentoo Linux users who are running net-www/links-2* update their systems as follows:
emerge rsync emerge links emerge clean
--------------------------------------------------------------------- seemant@gentoo.org vapier@gentoo.org
-- Seemant Kulleen Developer and Project Co-ordinator, Gentoo Linux http://www.gentoo.org/~seemant
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x225EF866 Key fingerprint = 592A 35F7 09CA FAB4 17B3 6E97 72E6 23CC 225E F866
--=.)TVQAGF'Stt1_8
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE9mRuLcuYjzCJe+GYRAvdEAJ9pGlrvlUEt06hwxmaEnJWqrujBOQCfWn9A CdYmS7XaIofQXuPsQUJr7tM= =HUGJ -----END PGP SIGNATURE-----
--=.)TVQAGF'Stt1_8-- _______________________________________________ gentoo-security mailing list gentoo-security@gentoo.org http://lists.gentoo.org/mailman/listinfo/gentoo-security
|
|
|
|