Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:18125
HistoryOct 04, 2007 - 12:00 a.m.

rPSA-2007-0203-1 rmake rmake-proxy rmake-repos

2007-10-0400:00:00
vulners.com
13
JSON

rPath Security Advisory: 2007-0203-1
Published: 2007-10-02
Products: rPath Linux 1
Rating: Major
Exposure Level Classification:
Local Root Deterministic Privilege Escalation
Updated Versions:
rmake=/conary.rpath.com@rpl:devel//1/1.0.11.1-2-0.1
rmake-proxy=/conary.rpath.com@rpl:devel//1/1.0.11.1-2-0.1
rmake-repos=/conary.rpath.com@rpl:devel//1/1.0.11.1-2-0.1

rPath Issue Tracking System:
https://issues.rpath.com/browse/RMK-634

Description:
When building packages, rMake creates device files in the change
root environments in which the packages are built. In previous
versions of rMake, the "/dev/zero" file had incorrect device number
and ownership, which might allow a user to execute arbitrary code
as the superuser.

Copyright 2007 rPath, Inc.
This file is distributed under the terms of the MIT License.
A copy is available at http://www.rpath.com/permanent/mit-license.html

JSON