Linux Security
    Linux Security
    Linux Security

    Debian: 'fam' Privilege escalation vulnerability

    Date 16 Aug 2002
    Posted By LinuxSecurity Advisories
    A flaw was discovered in FAM's group handling. In the effect usersare unable to FAM directories they have group read and executepermissions on. However, also unprivileged users can potentiallylearn names of files that only users in root's group should be able toview.
    Debian Security Advisory DSA 154-1                     This email address is being protected from spambots. You need JavaScript enabled to view it. Martin Schulze
    August 15th, 2002              
    Package        : fam
    Vulnerability  : privilege escalation
    Problem-Type   : local
    Debian-specific: no
    A flaw was discovered in FAM's group handling.  In the effect users
    are unable to FAM directories they have group read and execute
    permissions on.  However, also unprivileged users can potentially
    learn names of files that only users in root's group should be able to
    This problem been fixed in version for the current stable
    stable distribution (woody) and in version 2.6.8-1 (or any later
    version) for the unstable distribution (sid).  The old stable
    distribution (potato) is not affected, since it doesn't contain fam
    We recommend that you upgrade your fam packages.
    wget url
    	will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 3.0 alias woody
      Source archives:
    Size/MD5 checksum:      582 c85dc0471332fee4a8c479a4da7f8c3c
    Size/MD5 checksum:     7630 47737eb840520df5d7c1424866627ff7
    Size/MD5 checksum:   289005 fb1e2a2c01a2a568c2c0f67fa9b90e41
      Alpha architecture:
    Size/MD5 checksum:    79350 3b81338188807cb5bca93b1ec6fb57cc
    Size/MD5 checksum:    33064 60940e8809a4bb24c66a3de71acbbcab
    Size/MD5 checksum:    36188 bfa26a28c9841cb7f27f359bc4f5db1d
      ARM architecture:
    Size/MD5 checksum:    60328 6407969c77d75c542d588ddbe0894326
    Size/MD5 checksum:    29980 1cc6627f802ab8404d48ef2e909f45c8
    Size/MD5 checksum:    27844 295f117c1f04a5026a9d1063e5d3ba30
      Intel IA-32 architecture:
    Size/MD5 checksum:    59410 ad9b2cb638c5a8c6516ca7762543c418
    Size/MD5 checksum:    29398 e38857597943d466c5e897dc780a4755
    Size/MD5 checksum:    32352 caa455f94ae2762987ae7787fc5dde46
      Intel IA-64 architecture:
    Size/MD5 checksum:    88934 4391dd719917f6daccfa531523e50cd0
    Size/MD5 checksum:    35612 67210b45b17bd2b8b1e3a0f8637fb0df
    Size/MD5 checksum:    45790 a98b08fe026f84fb91f8bff9664538e0
      HP Precision architecture:
    Size/MD5 checksum:    70668 a6471f295233dab67161c7a0dd64d33f
    Size/MD5 checksum:    32162 382fe3ba40ded1397b710d4bf777e0d9
    Size/MD5 checksum:    33464 057620d63f5a8d384e33bb38ba91e6e2
      Motorola 680x0 architecture:
    Size/MD5 checksum:    57592 6b37b2878101173347e17f374e84f721
    Size/MD5 checksum:    29124 2c1dfc0ec88e3f07fa701ca69aaa44bc
    Size/MD5 checksum:    32912 b9936e5818e30388b16531a81ba2ff07
      Big endian MIPS architecture:
    Size/MD5 checksum:    74602 6df218b9cf0d02ac80b14e804577398a
    Size/MD5 checksum:    31370 b4de3a6b76911da3444ca6639989c38e
    Size/MD5 checksum:    31894 fd8cce0df31ed5e90c8e7414f0c0fcd9
      Little endian MIPS architecture:
    Size/MD5 checksum:    73924 17385ca599e2c96bf29b3ad629462d12
    Size/MD5 checksum:    31458 6ded23d5b78f63ae2464cfd2186daec0
    Size/MD5 checksum:    31724 c195749053e15ce4c58083e8bb19045a
      PowerPC architecture:
    Size/MD5 checksum:    58322 2d6c9f5656603d038927a58f8471fd4f
    Size/MD5 checksum:    29892 6352ac12a99d6b96b08c0aa6230165df
    Size/MD5 checksum:    33190 cb5b5e3abf22f06b96449c20ba910732
      IBM S/390 architecture:
    Size/MD5 checksum:    57232 6c739fb150162d7ecf6d5c6d1d1162a6
    Size/MD5 checksum:    28484 5b72634dafe0c01dd299eb429464d698
    Size/MD5 checksum:    32238 bfc10afb0c1319045ee8da9ddd73d231
      Sun Sparc architecture:
    Size/MD5 checksum:    56796 f6e96ed2f69da1320b3a29ccea07ac9b
    Size/MD5 checksum:    28808 3973d1c70bf91f4bc0a0665ef1dd5f83
    Size/MD5 checksum:    30868 612c31405105f6ddfafdaf7a46ba8215
      These files will probably be moved into the stable distribution on
      its next revision.
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and


    LinuxSecurity Poll

    'Tis the season of giving! How have you given back to the open-source community?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"171","title":"I've contributed to the development of an open-source project.","votes":"8","type":"x","order":"1","pct":27.59,"resources":[]},{"id":"172","title":"I've reviewed open-source code for security bugs.","votes":"6","type":"x","order":"2","pct":20.69,"resources":[]},{"id":"173","title":"I've made a donation to an open-source project.","votes":"15","type":"x","order":"3","pct":51.72,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.