MDKSA-2000:065

Package name

dump

Date

2000-11-02

Advisory ID

MDKSA-2000:065

Affected versions

6.1 i586 , 6.0 i586 , 7.0 i586 , 7.1 i586 , 7.2 i586

Problem description

In some instances, if dump is suid root, it can be used to gain root access. Two exploits have been published to prove this. Linux-Mandrake ships dump suid root, however both exploits do not work under Linux-Mandrake. The end result is a shell that is suid by the user attempting the exploit, and not suid root which is the intended result.

Updated packages

6.1 i586

 na 6.1/RPMS/na

6.0 i586

 na 6.0/RPMS/na

7.0 i586

 na 7.0/RPMS/na

7.1 i586

 na 7.1/RPMS/na

7.2 i586

 na 7.2/RPMS/na