Bug 68436 - net-dialup/speedtouch: privilege escalation vulnerability
Summary: net-dialup/speedtouch: privilege escalation vulnerability
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All All
Importance: High major
Assignee: Gentoo Security
URL: http://speedtouch.sourceforge.net/ind...
Whiteboard: C1 [glsa] lewk
Reported: 2004-10-21 12:36 UTC by Luke Macken (RETIRED)
Modified: 2011-10-30 22:37 UTC (History)
Description Luke Macken (RETIRED) gentoo-dev 2004-10-21 12:36:11 UTC
TITLE:
Speedtouch USB Driver Privilege Escalation Vulnerability

SECUNIA ADVISORY ID:
SA12916

VERIFY ADVISORY:
http://secunia.com/advisories/12916/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

SOFTWARE:
Speedtouch USB driver 1.x
http://secunia.com/product/4124/

DESCRIPTION:
A vulnerability has been reported in Speedtouch USB Driver, which
potentially can be exploited by malicious, local users to gain
escalated privileges.

The vulnerability is caused due to unspecified format string
errors in "modem_run", "pppoa2", and "pppoa3".

Successful exploitation may potentially allow execution of arbitrary
code with escalated privileges.

SOLUTION:
Update to version 1.3.1.
http://sourceforge.net/project/showfiles.php?group_id=32758&package_id=28264&release_id=271734

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Max Vozeler.

ORIGINAL ADVISORY:
http://speedtouch.sourceforge.net/index.php?/news.en.html

- - -

See also: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0834
Comment 1 Luke Macken (RETIRED) gentoo-dev 2004-10-21 12:38:17 UTC
net-dialup,

please bump speedtouch to 1.3.1, thanks.
Comment 2 Luke Macken (RETIRED) gentoo-dev 2004-10-27 08:53:39 UTC
We should have had this GLSA out yesterday at the latest.

net-dialup, please bump package.
Comment 3 Heinrich Wendel (RETIRED) gentoo-dev 2004-10-27 09:31:15 UTC
committed 1.3.1 as x86
Comment 4 Thierry Carrez (RETIRED) gentoo-dev 2004-10-27 12:26:19 UTC
amd64, hppa, alpha : please test and mark net-dialup/speedtouch-1.3.1 stable
Comment 5 Bryan Østergaard (RETIRED) gentoo-dev 2004-10-28 02:42:30 UTC
Alpha stable.
Comment 6 SpanKY gentoo-dev 2004-10-31 01:24:35 UTC
hppa stable
Comment 7 Simon Stelling (RETIRED) gentoo-dev 2004-11-02 02:45:05 UTC
stable now on amd64
I couldn't really test it as I don't have an ADSL modem, but it seems to work. Sorry for the big delay.
Comment 8 Luke Macken (RETIRED) gentoo-dev 2004-11-02 06:22:06 UTC
GLSA 200411-04