Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 61797 - app-arch/star suid root vulnerability
Summary: app-arch/star suid root vulnerability
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All All
: High normal (vote)
Assignee: Gentoo Security
Whiteboard: C1 [glsa] jaervosz
Depends on:
Reported: 2004-08-26 05:50 UTC by Wolfram Schlich (RETIRED)
Modified: 2011-10-30 22:37 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Wolfram Schlich (RETIRED) gentoo-dev 2004-08-26 05:50:49 UTC
A problem exists for all star versions that
did support to use ssh for remote tape access.

The problem is present in star-1.5a09 ... star-1.5a45

Please upgrade to star-1.5a46
The latest version available in portage is app-arch/star-1.5_alpha43.
It should be noted that star currently is not SUID by default.
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-08-26 06:46:42 UTC
lostlogic you bumped last time please bump to latest version.

Currently no more info on the issue.
Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-08-28 15:31:13 UTC
Bump compiles fine.
Comment 3 solar (RETIRED) gentoo-dev 2004-08-31 01:31:03 UTC
ebuild bumped to star-1.5_alpha46 (Runtime needs testing)
Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-08-31 01:43:42 UTC
Arches please test and mark stable.
Comment 5 Gustavo Zacarias (RETIRED) gentoo-dev 2004-08-31 05:43:10 UTC
Sparc tasty.
Comment 6 Bryan Østergaard (RETIRED) gentoo-dev 2004-08-31 16:24:56 UTC
Stable on alpha.
Comment 7 Jochen Maes (RETIRED) gentoo-dev 2004-09-01 13:48:55 UTC
tested and stable on ppc

Comment 8 Thierry Carrez (RETIRED) gentoo-dev 2004-09-02 01:00:17 UTC
Reassigning Product/Component as this is not a GLSA error, it's a security bug.
Comment 9 Travis Tilley (RETIRED) gentoo-dev 2004-09-02 01:54:58 UTC
stable on amd64
Comment 10 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-09-05 03:20:06 UTC
Local priv escalation.

x86 please mark stable
Comment 11 Tim Yamin (RETIRED) gentoo-dev 2004-09-06 11:03:01 UTC
Stable on IA64.
Comment 12 Olivier Crete (RETIRED) gentoo-dev 2004-09-07 13:57:09 UTC
stable on x86
Comment 13 Thierry Carrez (RETIRED) gentoo-dev 2004-09-07 14:00:53 UTC
Comment 14 SpanKY gentoo-dev 2004-09-07 21:36:06 UTC
hppa stable now
Comment 15 Thierry Carrez (RETIRED) gentoo-dev 2004-09-08 00:54:35 UTC
GLSA 200409-11
Comment 16 solar (RETIRED) gentoo-dev 2006-05-29 17:23:56 UTC
The GLSA sent our for this bug has an error

      <unaffected range="ge">star-1.5_alpha46</unaffected>
      <vulnerable range="lt">star-1.5_alpha46</vulnerable>

Should read:

      <unaffected range="ge">1.5_alpha46</unaffected>
      <vulnerable range="lt">1.5_alpha46</vulnerable>

Comment 17 Stefan Cornelius (RETIRED) gentoo-dev 2006-05-30 02:42:12 UTC
Thanks Kugelfang/solar. Should be fixed in the tree.