The Chroot server in rMake 1.0.11 creates a /dev/zero device file with read/write permissions for the rMake user and the same minor device number as /dev/port, which might allow local users to gain root privileges.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Rmake | Rpath | 1.0.11 (including) | 1.0.11 (including) |
References
- http://secunia.com/advisories/27030
- http://www.securityfocus.com/archive/1/481395/100/0/threaded
- http://www.securityfocus.com/bid/25899
- https://bugs.gentoo.org/show_bug.cgi?id=194550
- https://issues.rpath.com/browse/RMK-634
- http://secunia.com/advisories/27030
- http://www.securityfocus.com/archive/1/481395/100/0/threaded
- http://www.securityfocus.com/bid/25899
- https://bugs.gentoo.org/show_bug.cgi?id=194550
- https://issues.rpath.com/browse/RMK-634