Linux Security
Linux Security
Linux Security

Debian: 'fam' Privilege escalation vulnerability

Date 16 Aug 2002
Posted By LinuxSecurity Advisories
A flaw was discovered in FAM's group handling. In the effect usersare unable to FAM directories they have group read and executepermissions on. However, also unprivileged users can potentiallylearn names of files that only users in root's group should be able toview.

Debian Security Advisory DSA 154-1                     This email address is being protected from spambots. You need JavaScript enabled to view it. Martin Schulze
August 15th, 2002              

Package        : fam
Vulnerability  : privilege escalation
Problem-Type   : local
Debian-specific: no

A flaw was discovered in FAM's group handling.  In the effect users
are unable to FAM directories they have group read and execute
permissions on.  However, also unprivileged users can potentially
learn names of files that only users in root's group should be able to

This problem been fixed in version for the current stable
stable distribution (woody) and in version 2.6.8-1 (or any later
version) for the unstable distribution (sid).  The old stable
distribution (potato) is not affected, since it doesn't contain fam

We recommend that you upgrade your fam packages.

wget url
	will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody

  Source archives:
Size/MD5 checksum:      582 c85dc0471332fee4a8c479a4da7f8c3c
Size/MD5 checksum:     7630 47737eb840520df5d7c1424866627ff7
Size/MD5 checksum:   289005 fb1e2a2c01a2a568c2c0f67fa9b90e41

  Alpha architecture:
Size/MD5 checksum:    79350 3b81338188807cb5bca93b1ec6fb57cc
Size/MD5 checksum:    33064 60940e8809a4bb24c66a3de71acbbcab
Size/MD5 checksum:    36188 bfa26a28c9841cb7f27f359bc4f5db1d

  ARM architecture:
Size/MD5 checksum:    60328 6407969c77d75c542d588ddbe0894326
Size/MD5 checksum:    29980 1cc6627f802ab8404d48ef2e909f45c8
Size/MD5 checksum:    27844 295f117c1f04a5026a9d1063e5d3ba30

  Intel IA-32 architecture:
Size/MD5 checksum:    59410 ad9b2cb638c5a8c6516ca7762543c418
Size/MD5 checksum:    29398 e38857597943d466c5e897dc780a4755
Size/MD5 checksum:    32352 caa455f94ae2762987ae7787fc5dde46

  Intel IA-64 architecture:
Size/MD5 checksum:    88934 4391dd719917f6daccfa531523e50cd0
Size/MD5 checksum:    35612 67210b45b17bd2b8b1e3a0f8637fb0df
Size/MD5 checksum:    45790 a98b08fe026f84fb91f8bff9664538e0

  HP Precision architecture:
Size/MD5 checksum:    70668 a6471f295233dab67161c7a0dd64d33f
Size/MD5 checksum:    32162 382fe3ba40ded1397b710d4bf777e0d9
Size/MD5 checksum:    33464 057620d63f5a8d384e33bb38ba91e6e2

  Motorola 680x0 architecture:
Size/MD5 checksum:    57592 6b37b2878101173347e17f374e84f721
Size/MD5 checksum:    29124 2c1dfc0ec88e3f07fa701ca69aaa44bc
Size/MD5 checksum:    32912 b9936e5818e30388b16531a81ba2ff07

  Big endian MIPS architecture:
Size/MD5 checksum:    74602 6df218b9cf0d02ac80b14e804577398a
Size/MD5 checksum:    31370 b4de3a6b76911da3444ca6639989c38e
Size/MD5 checksum:    31894 fd8cce0df31ed5e90c8e7414f0c0fcd9

  Little endian MIPS architecture:
Size/MD5 checksum:    73924 17385ca599e2c96bf29b3ad629462d12
Size/MD5 checksum:    31458 6ded23d5b78f63ae2464cfd2186daec0
Size/MD5 checksum:    31724 c195749053e15ce4c58083e8bb19045a

  PowerPC architecture:
Size/MD5 checksum:    58322 2d6c9f5656603d038927a58f8471fd4f
Size/MD5 checksum:    29892 6352ac12a99d6b96b08c0aa6230165df
Size/MD5 checksum:    33190 cb5b5e3abf22f06b96449c20ba910732

  IBM S/390 architecture:
Size/MD5 checksum:    57232 6c739fb150162d7ecf6d5c6d1d1162a6
Size/MD5 checksum:    28484 5b72634dafe0c01dd299eb429464d698
Size/MD5 checksum:    32238 bfc10afb0c1319045ee8da9ddd73d231

  Sun Sparc architecture:
Size/MD5 checksum:    56796 f6e96ed2f69da1320b3a29ccea07ac9b
Size/MD5 checksum:    28808 3973d1c70bf91f4bc0a0665ef1dd5f83
Size/MD5 checksum:    30868 612c31405105f6ddfafdaf7a46ba8215

  These files will probably be moved into the stable distribution on
  its next revision.

For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
Package info: `apt-cache show ' and

LinuxSecurity Poll

How frequently do you patch/update your system?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum 0 answer(s) and maximum 3 answer(s).
[{"id":"179","title":"As soon as patches\/updates are released - I track advisories for my distro(s) diligently","votes":"43","type":"x","order":"1","pct":81.13,"resources":[]},{"id":"180","title":"Every so often, when I think of it","votes":"5","type":"x","order":"2","pct":9.43,"resources":[]},{"id":"181","title":"Hardly ever","votes":"5","type":"x","order":"3","pct":9.43,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

Please vote first in order to view vote results.



bottom 200

Please enable / Bitte aktiviere JavaScript!
Veuillez activer / Por favor activa el Javascript![ ? ]

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.