1 |
- -------------------------------------------------------------------------- |
2 |
GENTOO LINUX SECURITY ANNOUNCEMENT |
3 |
- -------------------------------------------------------------------------- |
4 |
|
5 |
PACKAGE :at |
6 |
SUMMARY :Local vulnerability allows an attacker to obtain root |
7 |
privileges |
8 |
DATE :2002-01-20 01:40:00 |
9 |
|
10 |
- -------------------------------------------------------------------------- |
11 |
|
12 |
OVERVIEW |
13 |
|
14 |
|
15 |
Zen-parse found a bug in the current implementation of at which leads |
16 |
into a heap corruption vulnerability which in turn could potentially |
17 |
lead into an exploit of the daemon user. |
18 |
|
19 |
|
20 |
DETAIL |
21 |
|
22 |
|
23 |
None |
24 |
|
25 |
|
26 |
|
27 |
SOLUTION |
28 |
|
29 |
|
30 |
It is recommended that all at users apply the update |
31 |
|
32 |
Portage Auto: |
33 |
|
34 |
emerge rsync |
35 |
emerge update |
36 |
emerge update --world |
37 |
|
38 |
|
39 |
Portage by hand: |
40 |
|
41 |
emerge rsync |
42 |
emerge sys-apps/at |
43 |
|
44 |
Manually: |
45 |
|
46 |
Download the new at package here and follow in file instructions: |
47 |
http://ftp.debian.org/debian/pool/main/a/at/at_3.1.8-11.tar.gz |
48 |
|
49 |
- -------------------------------------------------------------------------- |
50 |
Ferry Meyndert |
51 |
m0rpheus@×××××××××××××.nu |
52 |
- |
53 |
-------------------------------------------------------------------------- |