Gentoo: 202905-12 High Security Vulnerability in gpg Setgid Exposed
gentoo
July 19, 2003
gpg needs to be setuid to make use of protected memory space, however thesetgid bit allowed gpg user to overwrite goup root writable files and istherefore unnecessary.
Summary
- - --------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200307-06 - - ---------------------------------------------------------------------
- - ---------------------------------------------------------------------
gpg needs to be setuid to make use of protected memory space, however the setgid bit allowed gpg user to overwrite goup root writable files and is therefor unnecessary.
SOLUTION
It is recommended that all Gentoo Linux users who are running app-crypt/gnupg upgrade to gnupg-1.2.2-r1 as follows
emerge sync emerge gnupg emerge clean
- - --------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at taviso@gentoo.org - - ---------------------------------------------------------------------
Topics Covered
Resolution
References
Availability
style>.gentoo_availability{display:block;}
Concerns
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
PACKAGE : gnupg
SUMMARY : gpg setgid
DATE : 2003-07-19 14:27 UTC
EXPLOIT : local
VERSIONS AFFECTED : =gnupg-1.2.2-r1
CVE :
Topics Covered
Background
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Affected Packages
Impact
Workaround
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!