Info

Disclosure

Sep 16, 1999

Discovery

Unknown

Dates

Exploit

Sep 16, 1999

Solution

Unknown

Description

The pbpg package in SuSE Linux contains a flaw that may allow a malicious user to access arbitrary files. The problem is that the 'pg' binary does not properly validate user-supplied input. It is possible that the flaw may allow a malicious user to arbitrary access any file on the system resulting in a loss of confidentiality and/or integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Upgrade to version 1.2-0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Bent Bagger

pbpg

Unknown or Unspecified

References

Bugtraq ID: 1271
Related OSVDB ID: 13658
CVE ID: 2000-0355 (see also: NVD)
ISS X-Force ID: 3237
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1999-q3/0986.html
Vendor Specific Advisory URL: http://old.lwn.net/1999/0923/a/suse-pbpg.html
Generic Informational URL: http://radio.linux.org.au/pkgdetail.phtml?sectpat=All&ordpat=title&descpat=&pkgid ......

Credit

Brock Tellier - btellierwebley.com -

Direct URL: http://osvdb.org/36218