Overview
gpm version 1.19.2 and earlier are vulnerable due to a flaw that allows a local user to delete arbitrary files.
Description
gpm (General Purpose Mouse) is the program that lets you use the mouse in console mode when not using XWindows. It is usually included in Linux distributions, and can be started from the command line or in the startup script /etc/rc.d/rc.local. A vulnerability in gpm version 1.19.2 and earlier allows local users to delete arbitrary files. |
Impact
A user with console access can use this vulnerability to delete any file of his choosing. |
Solution
Upgrade to gpm version 1.19.3 or later. |
Vendor Information
25701
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- http://www.securityfocus.com/bid/1512
- http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0667
- http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000240
- http://marc.theaimsgroup.com/?l=bugtraq&m=96473014104340&w=2
- http://archives.neohapsis.com/archives/bugtraq/2000-07/0396.html
- http://www.caldera.com/support/security/advisories/CSSA-2000-024.0.txt
- http://marc.theaimsgroup.com/?l=bugtraq&m=96480812908563&w=2
- http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-025.php3?dis=6.0
- http://www.redhat.com/support/errata/RHSA-2000-045-01.html
Acknowledgements
This document was written by Andy Moore.
Other Information
| CVE IDs: | CVE-2000-0667 |
| Severity Metric: | 3.04 |
| Date Public: | 2000-07-27 |
| Date First Published: | 2001-05-25 |
| Date Last Updated: | 2002-09-13 17:21 UTC |
| Document Revision: | 11 |