1 |
- ----------------------------------------------------------------------- |
2 |
GLSA: GENTOO LINUX SECURITY ANNOUNCEMENT |
3 |
- ----------------------------------------------------------------------- |
4 |
PACKAGE : mm - Shared Memory Abstraction library |
5 |
SUMMARY : security vulnerability in mm temp files. |
6 |
DATE : Wed Jul 31 08:44:26 UTC 2002 |
7 |
- ----------------------------------------------------------------------- |
8 |
|
9 |
OVERVIEW |
10 |
|
11 |
There is a temp file vulnerability that can be used to gain root access on |
12 |
a system running Apache. Versions affected: dev-libs/mm-1.1.3-r1 |
13 |
|
14 |
DETAIL |
15 |
|
16 |
PHP can be used to give the www-user shell access for systems running |
17 |
Apache. This temp file vulnerability can be exploited to use that to gain |
18 |
root access. |
19 |
|
20 |
This affects dev-libs/mm-1.1.3-r1 |
21 |
|
22 |
http://online.securityfocus.com/advisories/4315 |
23 |
|
24 |
|
25 |
SOLUTION |
26 |
|
27 |
It is recommended that all Gentoo Linux users who are running apache |
28 |
linked with mm update their systems as follows. Note, the new version will |
29 |
be mm-1.2.1 |
30 |
|
31 |
emerge rsync |
32 |
emerge dev-libs/mm |
33 |
|
34 |
- ------------------------------------------------------------------------ |
35 |
aliz@g.o |
36 |
seemant@g.o |
37 |
drobbins@g.o |
38 |
- ------------------------------------------------------------------------ |
39 |
|
40 |
-- |
41 |
Seemant Kulleen |
42 |
Developer and Project Co-ordinator, |
43 |
Gentoo Linux http://www.gentoo.org/~seemant |
44 |
_______________________________________________ |
45 |
gentoo-announce mailing list |
46 |
gentoo-announce@g.o |
47 |
http://lists.gentoo.org/mailman/listinfo/gentoo-announce |