Rapid7 Vulnerability & Exploit Database

RHSA-2000:072: Updated gnorpm packages are available for Red Hat Linux 6.1, 6.2, and 7.0

Severity: 7
CVSS: (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published: 12/19/2000
Created: 07/25/2018
Added: 10/28/2005
Modified: 07/04/2017

Description

(This is a re-release of the previous errata, made necessary by a missing patch.) A locally exploitable security hole was found where a normal user could trick root running GnoRPM into writing to arbitrary files due to a bug in the gnorpm temporary file handling.

2000-11-27: Added packages for Red Hat Linux 7 for Alpha

While fixing other problems with the gnorpm package, a locally exploitable security hole was found where a normal user could trick root running GnoRPM into writing to arbitrary files due to a bug in the gnorpm temporary file handling. A new release of GnoRPM (0.95.1) is now available. This fixes a significant number of bugs in the gnorpm package, including this security hole. Administrators who use this program on multi-user machines should update it, and anyone who uses it regularly will notice vast improvements. All versions of GnoRPM before 0.95 are believed to be vulnerable.
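The advisory does not show the faulty code, so the following is an added C example of the general bug class (a privileged program reusing a fixed temporary file name), not GnoRPM's own code. It contrasts a weak open with an exclusive open and mkstemp(); all paths and file names are constructed, and the function names are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak: a fixed name opened without O_EXCL reuses whatever already sits there. */
static int open_tmp_weak(const char *p) {
    return open(p, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}
/* Hardened: the call must create the file itself and never follows a link. */
static int open_tmp_strict(const char *p) {
    return open(p, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}
/* Constructed scenario in a private scratch directory: "victim" stands in for
 * a file only root may write, "app.tmp" is a fixed temp name that already
 * exists as a link to it. Returns a bitmask, or -1 on setup failure:
 *   1 = weak open truncated victim, 2 = strict open refused the existing name,
 *   4 = mkstemp() produced a fresh regular file with mode 0600. */
int run_demo(void) {
    char dir[] = "/tmp/tmpdemo.XXXXXX", victim[64], fixed[64], tmpl[64];
    struct stat st;
    int fd, result = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(fixed, sizeof fixed, "%s/app.tmp", dir);
    snprintf(tmpl, sizeof tmpl, "%s/app.XXXXXX", dir);
    fd = open(victim, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0 || write(fd, "keep", 4) != 4) return -1;
    close(fd);
    if (symlink(victim, fixed) != 0) return -1;
    fd = open_tmp_strict(fixed);              /* name exists: must fail */
    if (fd < 0 && (errno == EEXIST || errno == ELOOP)) result |= 2;
    if (fd >= 0) close(fd);
    fd = open_tmp_weak(fixed);                /* follows the link */
    if (fd >= 0) close(fd);
    if (stat(victim, &st) == 0 && st.st_size == 0) result |= 1;
    fd = mkstemp(tmpl);                       /* random name, exclusive create */
    if (fd >= 0 && fstat(fd, &st) == 0 && S_ISREG(st.st_mode) &&
        (st.st_mode & 0777) == 0600 && st.st_nlink == 1) result |= 4;
    if (fd >= 0) close(fd);
    unlink(tmpl); unlink(fixed); unlink(victim); rmdir(dir);
    return result;
}

int main(void) { printf("result mask = %d\n", run_demo()); return 0; }
```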

Solution(s)

  • redhat-upgrade-gnorpm
