Gentoo Archives: gentoo-announce

From: Seemant Kulleen <seemant@g.o>
To: gentoo-announce@g.o
Subject: [gentoo-announce] GLSA: libmm
Date: Wed, 31 Jul 2002 03:51:38
Message-Id: 20020731015136.1c48db9c.seemant@gentoo.org
-----------------------------------------------------------------------
GLSA: GENTOO LINUX SECURITY ANNOUNCEMENT
-----------------------------------------------------------------------
PACKAGE : mm - Shared Memory Abstraction library
SUMMARY : security vulnerability in mm temp files.
DATE : Wed Jul 31 08:44:26 UTC 2002
-----------------------------------------------------------------------

OVERVIEW

There is a temp file vulnerability that can be used to gain root access on
a system running Apache. Versions affected: dev-libs/mm-1.1.3-r1

DETAIL

PHP can be used to give the www-user shell access on systems running
Apache. This temp file vulnerability can then be exploited from that
access to gain root access.

This affects dev-libs/mm-1.1.3-r1

http://online.securityfocus.com/advisories/4315


SOLUTION

It is recommended that all Gentoo Linux users who are running Apache
linked with mm update their systems as follows. Note that the new version
will be mm-1.2.1

emerge rsync
emerge dev-libs/mm

------------------------------------------------------------------------
aliz@g.o
seemant@g.o
drobbins@g.o
------------------------------------------------------------------------

--
Seemant Kulleen
Developer and Project Co-ordinator,
Gentoo Linux http://www.gentoo.org/~seemant