From: Secunia Security Advisories (sec-advsecunia.com)
Date: Tue May 20 2003 - 08:23:04 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

TITLE:
Immunix update for fileutils

READ ONLINE:
http://www.secunia.com/advisories/8815/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

OPERATING SYSTEM:
Immunix 7.x

DESCRIPTION:
Updated packages have been released for fileutils to fix an older
vulnerability, which can be exploited by malicious, local users to
escalate privileges.

The vulnerability is caused due to a race condition in the recursive
use of the utilities "rm" and "mv", which can be exploited to delete
files and directories with the privileges of the user executing the
command.

Successful exploitation requires that the malicious user has write
access to part of the tree being moved or deleted.

SOLUTION:
Updated packages for Immunix 7+:

http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/fileutils-4.0x-3_imnx_1.i386.rpm
Source:
http://download.immunix.org/ImmunixOS/7+/Updates/SRPMS/fileutils-4.0x-3_imnx_1.src.rpm

ORIGINAL ADVISORY:
http://mail.wirex.com/pipermail/immunix-users/2003-May:/0761.html

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web : http://www.secunia.com/
E-mail : supportsecunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories

----------------------------------------------------------------------

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]