drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Unsichere Verwendung von /tmp in mm
Name: |
Unsichere Verwendung von /tmp in mm
|
|
ID: |
|
|
Distribution: |
Gentoo |
|
Plattformen: |
Keine Angabe |
|
Datum: |
Mi, 31. Juli 2002, 13:00 |
|
Referenzen: |
Keine Angabe |
|
Applikationen: |
OSSP mm |
|
Originalnachricht |
----------------------------------------------------------------------- GLSA: GENTOO LINUX SECURITY ANNOUNCEMENT ----------------------------------------------------------------------- PACKAGE : mm - Shared Memory Abstraction library SUMMARY : security vulnerability in mm temp files. DATE : Wed Jul 31 08:44:26 UTC 2002 -----------------------------------------------------------------------
OVERVIEW
There is a temp file vulnerability that can be used to gain root access on a system running Apache. Versions affected: dev-libs/mm-1.1.3-r1
DETAIL
PHP can be used to give the www-user shell access for systems running Apache. This temp file vulnerability can be exploited to use that to gain root access.
This affects dev-libs/mm-1.1.3-r1
http://online.securityfocus.com/advisories/4315
SOLUTION
It is recommended that all Gentoo Linux users who are running apache linked with mm update their systems as follows. Note, the new version will be mm-1.2.1
emerge rsync emerge dev-libs/mm
------------------------------------------------------------------------ aliz@gentoo.org seemant@gentoo.org drobbins@gentoo.org ------------------------------------------------------------------------
-- Seemant Kulleen Developer and Project Co-ordinator, Gentoo Linux http://www.gentoo.org/~seemant _______________________________________________ gentoo-announce mailing list gentoo-announce@gentoo.org http://lists.gentoo.org/mailman/listinfo/gentoo-announce _______________________________________________ gentoo-security mailing list gentoo-security@gentoo.org http://lists.gentoo.org/mailman/listinfo/gentoo-security
|
|
|
|