Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Unix :: General :: unix5583.htm

libmm - mm insecure temporary files leading to local root access



31th Jul 2002 [SBWID-5583]
COMMAND

	mm insecure temporary files leading to local root access

SYSTEMS AFFECTED

	OSSP mm library (libmm) before 1.2.0

PROBLEM

	Marcus Meissner and Sebastian Krahmer discovered  a  race  condition  on
	creating  temporary  files  in  the  OSSP   mm   library.   The   Common
	Vulnerabilities  and   Exposures   (CVE)   project   assigned   the   id
	CAN-2002-0658 to the problem. The bug affects  all  programs  which  are
	linked with OSSP mm. This may allow an attacker to conduct a local  root
	exploit. OSSP mm is often used in Apache  setups  using  mod_ssl  and/or
	mod_php.  Here  the  vulnerability  can  be  exploited  to  obtain  root
	privilege if shell  access  to  the  Apache  run-time  user  is  already
	obtained.
	

	

SOLUTION

	Update your packages.
	

	


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH