Lucene search

Gentoo FoundationGLSA-200409-11

HistorySep 07, 2004 - 12:00 a.m.

star: Suid root vulnerability

2004-09-0700:00:00

Gentoo Foundation

security.gentoo.org

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.001

Percentile

46.8%

JSON

Background

star is an enhanced tape archiver, much like tar, that is recognized for it’s speed as well as it’s enhanced mt/rmt support.

Description

A suid root vulnerability exists in versions of star that are configured to use ssh for remote tape access.

Impact

Attackers with local user level access could potentially gain root level access.

Workaround

There is no known workaround at this time.

Resolution

All star users should upgrade to the latest version:

 # emerge sync
 
 # emerge -pv "&gt;=app-arch/star-1.5_alpha46"
 # emerge "&gt;=app-arch/star-1.5_alpha46"

OSVersionArchitecturePackageVersionFilename
Gentooanyallapp-arch/star< 1.5_alpha46UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	app-arch/star	< 1.5_alpha46	UNKNOWN

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.001

Percentile

46.8%

JSON

Related for GLSA-200409-11