Notified: October 31, 2000 Updated: July 03, 2001
Not Affected
Our last mandatory update of the dump package (June 29th, 2000)brought it up to version 0.4b18 and had the SUID bits disabled. These packages do not have the vulnerability that could give a local attacker root access.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 16, 2001 Updated: July 23, 2001
Not Affected
Both programs are not installed setuid root or setgid root on a Debian GNU/Linux 2.2 (stable) system nor on Debian unstable (upcoming release).
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 16, 2001 Updated: July 23, 2001
Not Affected
We are not vulnerable as we do not ship the dump and restore utilities.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 16, 2001 Updated: August 07, 2001
Unknown
Vendor could not reproduce this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 31, 2000 Updated: July 03, 2001
Not Affected
http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-065.php3
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 16, 2001 Updated: July 16, 2001
Not Affected
Our dump & restore have not been setuid or setgid for a very long time. We have also fixed numerous other bugs in them.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: October 31, 2000 Updated: July 03, 2001
Affected
http://www.linuxsecurity.com/advisories/redhat_advisory-849.html
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
Notified: July 16, 2001 Updated: July 16, 2001
Not Affected
None of the EFS and XFS dump/restore tools in IRIX are setuid root per an SGI engineer, so we believe IRIX is not vulnerable unless proven otherwise.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.