Hosting Provided By

rPSA-2007-0203-1 rmake rmake-proxy rmake-repos

From: rPath Update Announcements <announce-noreply(at)rpath.com>
Date: Tue Oct 02 2007 - 18:28:22 EDT

rPath Security Advisory: 2007-0203-1
Published: 2007-10-02
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:

Local Root Deterministic Privilege Escalation Updated Versions:

    rmake=/conary.rpath.com@rpl:devel//1/1.0.11.1-2-0.1
    rmake-proxy=/conary.rpath.com@rpl:devel//1/1.0.11.1-2-0.1
    rmake-repos=/conary.rpath.com@rpl:devel//1/1.0.11.1-2-0.1

rPath Issue Tracking System:

https://issues.rpath.com/browse/RMK-634

Description:

When building packages, rMake creates device files in the change root environments in which the packages are built. In previous versions of rMake, the "/dev/zero" file had incorrect device number and ownership, which might allow a user to execute arbitrary code as the superuser.

Copyright 2007 rPath, Inc.
This file is distributed under the terms of the MIT License. A copy is available at http://www.rpath.com/permanent/mit-license.html Received on Wed Oct 3 12:11:36 2007

This message: [ Message body ]
Next message: Steve Kemp: "[SECURITY] [DSA 1380-1] New elinks packages fix information disclosure"
Previous message: iDefense Labs: "iDefense Security Advisory 10.02.07: Multiple Vendor X Font Server Multiple Vulnerabilities"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Sun Oct 28 2007 - 06:18:55 EDT

Do you need help?