LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

rPath alert rPSA-2006-0105-1 (arts)



From:
    	      "Justin M. Forbes" <jmforbes@rpath.com>


To:
    	      security-announce@lists.rpath.com, update-announce@lists.rpath.com


Subject:
    	      rPSA-2006-0105-1 arts


Date:
    	      Thu, 15 Jun 2006 15:01:00 -0400


Cc:
    	      full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com, lwn@lwn.net


rPath Security Advisory: 2006-0105-1
Published: 2006-06-15
Products: rPath Linux 1
Rating: Minor
Exposure Level Classification:
    Local Root Non-deterministic Privilege Escalation
Updated Versions:
    arts=/conary.rpath.com@rpl:devel//1/1.4.2-1.4-1

References:
    http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-200...
    http://issues.rpath.com/browse/RPL-426
    http://www.kde.org/info/security/advisory-20060615-2.txt

Description:
    In previous versions of arts, the artswrapper program has a
    vulnerability which enables a local users to escalate to root
    privileges if the artswrapper program is setuid root. In rPath Linux,
    artswrapper is not setuid root, but if users or derivative
    distributions have modified artswrapper to make it setuid root, they
    may be vulnerable to this attack.
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds