Debian 2.2 DSA-092-1 Critical: wmtv Local Root Access Exploit
debian
December 6, 2001
Nicolas Boullis found a nasty security problem in the wmtv (adockable video4linux tv player for windowmaker) package asdistributed in Debian GNU/Linux 2.2.
Topics Covered
Summary
Package : wmtv
Problem type : local root exploit
Debian-specific: no
Nicolas Boullis found a nasty security problem in the wmtv (a
dockable video4linux tv player for windowmaker) package as
distributed in Debian GNU/Linux 2.2.
wmtv can optionally run a command if you double-click on the tv
window. This command can be specified using the -e command-line
option. However since wmtv is installed suid root this command
was also run as root, which gives local users a very simple way
to get root access.
This has been fixed in version 0.6.5-2potato1 by dropping root
privileges before executing the command. We recommend that you
upgrade your wmtv package immediately.
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
Debian GNU/Linux 2.2 alias potato
Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
Source archives:
MD5 checksum: 71436864099e31a54191828eba1a5af1
MD5 checksum: fcfed7fae275bcd74f135db0fb315e27
...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!