BubbleMon 1.31 does not properly drop group privileges before executing programs, which allows local users to execute arbitrary commands with the kmem group id.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Bubblemon | Timecop | 1.0 | 1.0 |
Bubblemon | Timecop | 1.0pl1 | 1.0pl1 |
Bubblemon | Timecop | 1.0pl2 | 1.0pl2 |
Bubblemon | Timecop | 1.0pl3 | 1.0pl3 |
Bubblemon | Timecop | 1.0pl4 | 1.0pl4 |
Bubblemon | Timecop | 1.0pl6 | 1.0pl6 |
Bubblemon | Timecop | 1.0pl7 | 1.0pl7 |
Bubblemon | Timecop | 1.0pl8 | 1.0pl8 |
Bubblemon | Timecop | 1.0pl9 | 1.0pl9 |
Bubblemon | Timecop | 1.1 | 1.1 |
Bubblemon | Timecop | 1.1test1 | 1.1test1 |
Bubblemon | Timecop | 1.1test2 | 1.1test2 |
Bubblemon | Timecop | 1.1test3 | 1.1test3 |
Bubblemon | Timecop | 1.1test4 | 1.1test4 |
Bubblemon | Timecop | 1.1test5 | 1.1test5 |
Bubblemon | Timecop | 1.1test6 | 1.1test6 |
Bubblemon | Timecop | 1.1test7 | 1.1test7 |
Bubblemon | Timecop | 1.2 | 1.2 |
Bubblemon | Timecop | 1.2test1 | 1.2test1 |
Bubblemon | Timecop | 1.3 | 1.3 |
Bubblemon | Timecop | 1.21 | 1.21 |
Bubblemon | Timecop | 1.21test1 | 1.21test1 |
Bubblemon | Timecop | 1.22 | 1.22 |
Bubblemon | Timecop | 1.23 | 1.23 |
Bubblemon | Timecop | 1.31 | 1.31 |