| Vulnerability Name: | CVE-2000-0229 (CCN-4151) | ||||||||
| Assigned: | 2000-03-22 | ||||||||
| Published: | 2000-03-22 | ||||||||
| Updated: | 2008-09-10 | ||||||||
| Summary: | gpm-root in the gpm package does not properly drop privileges, which allows local users to gain privileges by starting a utility from gpm-root. | ||||||||
| CVSS v3 Severity: | 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||
| References: | Source: BUGTRAQ Type: UNKNOWN 20000322 gpm-root Source: CCN Type: BugTraq Mailing List, Wed Mar 22 2000 - 12:21:43 CST gpm-root Source: CCN Type: BugTraq Mailing List, Sun Apr 23 2000 - 14:31:20 CDT gpm-root initgroups() Source: MITRE Type: CNA CVE-2000-0229 Source: CCN Type: RHSA-2000:009-02 gpm-root priviledge Source: CCN Type: RHSA-2000:045-01 gpm security flaws have been addressed Source: CCN Type: US-CERT VU#22091 gpm-root fails to correctly release GID 0 membership for user defined menus Source: CCN Type: TurboLinux Security Announcement TLSA2000011-1 gpm-1.19.1 and earlier Source: SUSE Type: UNKNOWN 20000405 Security hole in gpm < 1.18.1 Source: CCN Type: OSVDB ID: 1262 gpm gpm-root Privilege Drop Failure Source: REDHAT Type: UNKNOWN RHSA-2000:009 Source: REDHAT Type: UNKNOWN RHSA-2000:045 Source: BID Type: UNKNOWN 1069 Source: CCN Type: BID-1069 Multiple Linux Vendor gpm Setgid Vulnerability Source: CCN Type: SuSE Security Announcement #45 gpm < 1.18.1 Source: XF Type: UNKNOWN linux-gpm-root(4151) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||