aru Posted February 25, 2004 Report Share Posted February 25, 2004 MandrakeSoft Security Advisory MDKSA-2004:016 : mtools February 25th, 2004 Updated mtools packages fix local root vulnerability Sebastian Krahmer found that the mformat program, when installed suid root, can create any file with 0666 permissions as root, and that it also does not drop privileges when reading local configuration files. The updated packages remove the suid bit from mformat. The released versions of Mandrake GNU/Linux affected are: 9.2 9.2/AMD64 Full information about this advisory, including the updated packages, is available at: www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:016 Posted automatically by aru (mdksec2mub v0.0.8) Link to comment Share on other sites More sharing options...
Recommended Posts