3.6 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:P/A:P
0.0004 Low
EPSS
Percentile
5.2%
gpm version 1.19.2 and earlier are vulnerable due to a flaw that allows a local user to delete arbitrary files.
gpm (General Purpose Mouse) is the program that lets you use the mouse in console mode when not using XWindows. It is usually included in Linux distributions, and can be started from the command line or in the startup script /etc/rc.d/rc.local. A vulnerability in gpm version 1.19.2 and earlier allows local users to delete arbitrary files.
A user with console access can use this vulnerability to delete any file of his choosing.
Upgrade to gpm version 1.19.3 or later.
25701
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: July 20, 2000 Updated: September 13, 2002
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Caldera Systems has released a security advisory at http://www.caldera.com/support/security/advisories/CSSA-2000-024.0.txt.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%2325701 Feedback>).
Updated: May 25, 2001
Affected
Conectiva has released a security advisory at http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000240.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%2325701 Feedback>).
Updated: May 25, 2001
Affected
MandrakeSoft has released a security advisory at <http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-025.php3?dis=6.0>.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%2325701 Feedback>).
Updated: May 25, 2001
Unknown
RedHat has released a security advisiory at <http://www.redhat.com/support/errata/RHSA-2000-045-01.html>.
The vendor has not provided us with any further information regarding this vulnerability.
It is unknown whether Red Hat linux is vulnerable to this specific vulnerability.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%2325701 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This document was written by Andy Moore.
CVE IDs: | CVE-2000-0667 |
---|---|
Severity Metric: | 3.04 Date Public: |
archives.neohapsis.com/archives/bugtraq/2000-07/0396.html
distro.conectiva.com/atualizacoes/?id=a&anuncio=000240
marc.theaimsgroup.com/?l=bugtraq&m=96473014104340&w=2
marc.theaimsgroup.com/?l=bugtraq&m=96480812908563&w=2
www.caldera.com/support/security/advisories/CSSA-2000-024.0.txt
www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0667
www.linux-mandrake.com/en/security/2000/MDKSA-2000-025.php3?dis=6.0
www.redhat.com/support/errata/RHSA-2000-045-01.html
www.securityfocus.com/bid/1512