SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Game)  >   TRR19 Vendors:   Hirotaka, Yamamoto
TRR19 Lets Local Users Execute Commands With 'Games' Group Privileges
SecurityTracker Alert ID:  1008875
SecurityTracker URL:  http://securitytracker.com/id/1008875
CVE Reference:   CVE-2004-0047   (Links to External Site)
Date:  Jan 28 2004
Impact:   Execution of arbitrary code via local system, User access via local system

Version(s): 1.0 beta5
Description:   A vulnerability was reported in the TRR19 typing trainer for GNU Emacs. A local user can gain elevated privileges on the target system.

It is reported that the application does not drop setgroupid (setgid) privileges before executing GNU Emacs commands. A local user can reportedly execute commands with 'games' group privileges.

Debian reported that Steve Kemp discovered the flaw.

Impact:   A local user can execute commands with 'games' group privileges.
Solution:   No upstream solution was available at the time of this entry.

[Editor's note: Debian has issued a fix, for which we will issue a separate Alert. See the Message History.]

Vendor URL:  web.yl.is.s.u-tokyo.ac.jp/~ymmt/mydist.shtml (Links to External Site)
Cause:   Access control error, State error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jan 28 2004 (Debian Issues Fix) TRR19 Lets Local Users Execute Commands With 'Games' Group Privileges
Debian has released a fix.



 Source Message Contents

Subject:  TRR19 vulnerability


CVE: CAN-2004-0047

Debian reported that Steve Kemp discovered a flaw in trr19 for GNU Emacs.  A local user 
can execute commands with 'games' group privileges.

http://web.yl.is.s.u-tokyo.ac.jp/~ymmt/mydist.shtml

The latest upstream version appears to be 1.0 beta5.

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC