Debian: trr19 Missing privilege release

    Date: 28 Jan 2004
    Category: Debian
    Posted By: LinuxSecurity Advisories
    The binaries don't drop privileges before executing a command, allowing an attacker to gain access to the local group games.
    
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 430-1
    http://www.debian.org/security/                             Martin Schulze
    January 28th, 2004                       http://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : trr19
    Vulnerability  : missing privilege release
    Problem-Type   : local
    Debian-specific: no
    CVE ID         : CAN-2004-0047
    
    Steve Kemp discovered a problem in trr19, a type trainer application
    for GNU Emacs, which is written as a pair of setgid() binaries and
    wrapper programs which execute commands for GNU Emacs.  However, the
    binaries don't drop privileges before executing a command, allowing an
    attacker to gain access to the local group games.
    
    For the stable distribution (woody) this problem has been fixed in
    version 1.0beta5-15woody1.  The mipsel binary will be added later.
    
    For the unstable distribution (sid) this problem will be fixed soon.
    
    We recommend that you upgrade your trr19 package.
    
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    --------------------------------
    
      Source archives:
    
         http://security.debian.org/pool/updates/main/t/trr19/trr19_1.0beta5-15woody1.dsc
          Size/MD5 checksum:      579 ef536f27bf538edc75bcc4a815f90cef
         http://security.debian.org/pool/updates/main/t/trr19/trr19_1.0beta5-15woody1.diff.gz
          Size/MD5 checksum:     6042 4715d96b763e25a08a9884108e5d5199
         http://security.debian.org/pool/updates/main/t/trr19/trr19_1.0beta5.orig.tar.gz
          Size/MD5 checksum:    73636 72716b40338afe9e375c78738bb8a299
    
      Alpha architecture:
    
         http://security.debian.org/pool/updates/main/t/trr19/trr19_1.0beta5-15woody1_alpha.deb
          Size/MD5 checksum:    75648 857fdaaaed024174255c3feb7e917fc6
    
      ARM architecture:
    
         http://security.debian.org/pool/updates/main/t/trr19/trr19_1.0beta5-15woody1_arm.deb
          Size/MD5 checksum:    74618 bd883afc8db992aa1cb1308c832d58e8
    
      Intel IA-32 architecture:
    
         http://security.debian.org/pool/updates/main/t/trr19/trr19_1.0beta5-15woody1_i386.deb
          Size/MD5 checksum:    75032 daa5213df6e8ed2b0eddb865b5b3aed4
    
      Intel IA-64 architecture:
    
         http://security.debian.org/pool/updates/main/t/trr19/trr19_1.0beta5-15woody1_ia64.deb
          Size/MD5 checksum:    76514 3f77d3971bade37e405c0179743f6475
    
      HP Precision architecture:
    
         http://security.debian.org/pool/updates/main/t/trr19/trr19_1.0beta5-15woody1_hppa.deb
          Size/MD5 checksum:    75304 f76e14612d1d899ffee59b4620e032f2
    
      Motorola 680x0 architecture:
    
         http://security.debian.org/pool/updates/main/t/trr19/trr19_1.0beta5-15woody1_m68k.deb
          Size/MD5 checksum:    74984 5147a5fa1557f0f87b839c197f79cb1d
    
      Big endian MIPS architecture:
    
         http://security.debian.org/pool/updates/main/t/trr19/trr19_1.0beta5-15woody1_mips.deb
          Size/MD5 checksum:    74790 413cc56a3563299eae4cb05f3314d981
    
      PowerPC architecture:
    
         http://security.debian.org/pool/updates/main/t/trr19/trr19_1.0beta5-15woody1_powerpc.deb
          Size/MD5 checksum:    74746 745ef750e98a4746e928833d724e005e
    
      IBM S/390 architecture:
    
         http://security.debian.org/pool/updates/main/t/trr19/trr19_1.0beta5-15woody1_s390.deb
          Size/MD5 checksum:    75434 da8efd5d8c74b16f1d0873219ec4d193
    
      Sun Sparc architecture:
    
         http://security.debian.org/pool/updates/main/t/trr19/trr19_1.0beta5-15woody1_sparc.deb
          Size/MD5 checksum:    78932 02ee65da931254b1bd10b6358013b222
    
    
      These files will probably be moved into the stable distribution on
      its next revision.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb  http://security.debian.org/ stable/updates main
    For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
    Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
    
    