gpm-root in the gpm package does not properly drop privileges, which allows local users to gain privileges by starting a utility from gpm-root.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| alessandro_rubini | gpm | 1.19 |
| suse | suse_linux | 5.3 |
| suse | suse_linux | 6.2 |
| redhat | linux | 6.0 |
| debian | debian_linux | 2.2 |
| debian | debian_linux | 2.1 |
| redhat | linux | 6.1 |
| suse | suse_linux | 6.3 |
| suse | suse_linux | 6.0 |
| alessandro_rubini | gpm | 1.18.1 |
| suse | suse_linux | 6.1 |
| redhat | linux | 6.2 |
| debian | debian_linux | 2.0 |
Format string vulnerability in gpm-root in gpm 1.17.8 through 1.17.18 allows local users to gain root privileges.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| alessandro_rubini | gpm | 1.17.8 |
| alessandro_rubini | gpm | 1.17.18 |