Privilege Escalation in gpm Package Affecting Red Hat Linux
CVE-2000-0229

Currently unrated

Key Information:

Vendor: Suse
Status: Suse Linux; Debian Linux; Gpm; Linux
Vendor: CVE Published:; 22 March 2000

Summary

The gpm package, specifically the gpm-root utility, contains a design flaw where it fails to adequately drop user privileges. This oversight allows local users to exploit the system by launching this utility and thus increasing their privilege level. The potential for unauthorized access to critical system functions highlights the necessity for users to update their gpm packages to prevent potential exploitation.

References

http://www.redhat.com/support/errata/RHSA-2000-045.html

vendor-advisoryx_refsource_REDHAT

http://archives.neohapsis.com/archives/bugtraq/2000-03/02...

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/1069

vdb-entryx_refsource_BID

Timeline

Vulnerability Reserved
Apr 12, 2000
Vulnerability published
Mar 22, 2000