BubbleMon 1.31

From: Christer Öberg (dimat_private)
Date: Sun Apr 15 2001 - 16:12:53 PDT


    VULNERABILITY DESCRIPTION
    
      Users can execute programs or shell scripts by clicking on the
      bubblemon app. bubblemon is installed sgid kmem on FreeBSD and does
      not drop its egid before executing programs.
    
    VERSIONS AFFECTED
    
      All versions of BubbleMon up to 1.32 installed on FreeBSD.
    
    EXAMPLE
      $ id
      uid=1000(christer) gid=1000(christer) groups=1000(christer)
      $ bubblemon id
      uid=1000(christer) gid=1000(christer) egid=2(kmem) groups=2(kmem), 1000(christer)
    
    FIX
      Get the new fixed version BubbleMon 1.32 from
    http://www.ne.jp/asahi/linux/timecop
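
    The missing step described above, dropping the sgid egid before
    executing a user-chosen program, as an added example. This is not
    BubbleMon's code or the 1.32 fix; the names drop_group_privs and
    run_unprivileged are hypothetical.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE   /* expose setregid()/setegid() on glibc */
#endif
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently give up a set-group-ID privilege (e.g. egid=kmem). 0 on success. */
int drop_group_privs(void)
{
    gid_t rgid = getgid();       /* GID of the invoking user */
    gid_t old_egid = getegid();  /* privileged GID granted by the sgid bit */

    /* Set real and effective GID together so the saved GID is reset too. */
    if (setregid(rgid, rgid) != 0)
        return -1;
    /* Verify the drop and make sure the old egid cannot be regained. */
    if (getegid() != rgid)
        return -1;
    if (old_egid != rgid && setegid(old_egid) == 0)
        return -1;
    return 0;
}

/* Run a user-supplied command in a child that has dropped privilege first.
 * Returns the child's exit status, or -1 on error. */
int run_unprivileged(char *const argv[])
{
    pid_t pid = fork();
    int status;

    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_group_privs() != 0)
            _exit(126);          /* refuse to exec while still privileged */
        execvp(argv[0], argv);
        _exit(127);              /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(int argc, char *argv[])
{
    if (argc < 2) { fprintf(stderr, "usage: %s cmd [args...]\n", argv[0]); return 2; }
    return run_unprivileged(&argv[1]);
}
```

    Installed sgid kmem and run as "prog id", a program built this way
    should no longer show egid=2(kmem) in the child's id output.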
    


