Debian Security Advisory
DSA-299-1 leksbot -- improper setuid-root execution
- Date Reported:
- 06 May 2003
- Affected Packages:
- leksbot
- Vulnerable:
- Yes
- Security database references:
- In the Bugtraq database (at SecurityFocus): BugTraq ID 7505.
In Mitre's CVE dictionary: CVE-2003-0262. - More information:
-
Maurice Massar discovered that, due to a packaging error, the program /usr/bin/KATAXWR was inadvertently installed setuid root. This program was not designed to run setuid, and contained multiple vulnerabilities which could be exploited to gain root privileges.
For the stable distribution (woody) this problem has been fixed in version 1.2-3.1.
The old stable distribution (potato) does not contain a leksbot package.
For the unstable distribution (sid) this problem has been fixed in version 1.2-5.
We recommend that you update your leksbot package.
- Fixed in:
-
Debian GNU/Linux 3.0 (woody)
- Source:
- http://security.debian.org/pool/updates/main/l/leksbot/leksbot_1.2-3.1woody1.dsc
- http://security.debian.org/pool/updates/main/l/leksbot/leksbot_1.2-3.1woody1.diff.gz
- http://security.debian.org/pool/updates/main/l/leksbot/leksbot_1.2.orig.tar.gz
- http://security.debian.org/pool/updates/main/l/leksbot/leksbot_1.2-3.1woody1.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/l/leksbot/leksbot_1.2-3.1woody1_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/l/leksbot/leksbot_1.2-3.1woody1_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/l/leksbot/leksbot_1.2-3.1woody1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/l/leksbot/leksbot_1.2-3.1woody1_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/l/leksbot/leksbot_1.2-3.1woody1_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/l/leksbot/leksbot_1.2-3.1woody1_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/l/leksbot/leksbot_1.2-3.1woody1_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/l/leksbot/leksbot_1.2-3.1woody1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/l/leksbot/leksbot_1.2-3.1woody1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/l/leksbot/leksbot_1.2-3.1woody1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/l/leksbot/leksbot_1.2-3.1woody1_sparc.deb
MD5 checksums of the listed files are available in the original advisory.