• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

MM Shared Memory Library Temporary File Privilege Escalation Vulnerability

Solution:
Slackware has released an updated Apache package which is compiled with a fixed version of libmm.

FreeBSD has released a Security Notice FreeBSD-SN-02:05. Users of FreeBSD systems are strongly urged to upgrade their ports tree to fix various reported issues. Further information can be found in the referenced Security Notice.

Fixes are available:


OSSP mm 1.0 .0

• OSSP mm-1.2.1.tar.gz
  ftp://ftp.ossp.org/pkg/lib/mm/mm-1.2.1.tar.gz

OSSP mm 1.0.1

• OSSP mm-1.2.1.tar.gz
  ftp://ftp.ossp.org/pkg/lib/mm/mm-1.2.1.tar.gz

OSSP mm 1.0.10

• OSSP mm-1.2.1.tar.gz
  ftp://ftp.ossp.org/pkg/lib/mm/mm-1.2.1.tar.gz

OSSP mm 1.0.11

• Debian libmm10-dev_1.0.11-1.2_alpha.deb
  Debian GNU/Linux 2.2 alias potato Alpha.
  http://security.debian.org/pool/updates/main/m/mm/libmm10-dev_1.0.11-1 .2_alpha.deb


• Debian libmm10-dev_1.0.11-1.2_arm.deb
  Debian GNU/Linux 2.2 alias potato ARM.
  http://security.debian.org/pool/updates/main/m/mm/libmm10-dev_1.0.11-1 .2_arm.deb


• Debian libmm10-dev_1.0.11-1.2_i386.deb
  Debian GNU/Linux 2.2 alias potato Intel ia32.
  http://security.debian.org/pool/updates/main/m/mm/libmm10-dev_1.0.11-1 .2_i386.deb


• Debian libmm10-dev_1.0.11-1.2_m68k.deb
  Debian GNU/Linux 2.2 alias potato Motorola 680x0.
  http://security.debian.org/pool/updates/main/m/mm/libmm10-dev_1.0.11-1 .2_m68k.deb


• Debian libmm10-dev_1.0.11-1.2_powerpc.deb
  Debian GNU/Linux 2.2 alias potato PowerPC.
  http://security.debian.org/pool/updates/main/m/mm/libmm10-dev_1.0.11-1 .2_powerpc.deb


• Debian libmm10-dev_1.0.11-1.2_sparc.deb
  Debian GNU/Linux 2.2 alias potato Sun Sparc.
  http://security.debian.org/pool/updates/main/m/mm/libmm10-dev_1.0.11-1 .2_sparc.deb


• Debian libmm10_1.0.11-1.2_alpha.deb
  Debian GNU/Linux 2.2 alias potato Alpha.
  http://security.debian.org/pool/updates/main/m/mm/libmm10_1.0.11-1.2_a lpha.deb


• Debian libmm10_1.0.11-1.2_arm.deb
  Debian GNU/Linux 2.2 alias potato ARM.
  http://security.debian.org/pool/updates/main/m/mm/libmm10_1.0.11-1.2_a rm.deb


• Debian libmm10_1.0.11-1.2_i386.deb
  Debian GNU/Linux 2.2 alias potato Intel ia32.
  http://security.debian.org/pool/updates/main/m/mm/libmm10_1.0.11-1.2_i 386.deb


• Debian libmm10_1.0.11-1.2_m68k.deb
  Debian GNU/Linux 2.2 alias potato Motorola 680x0.
  http://security.debian.org/pool/updates/main/m/mm/libmm10_1.0.11-1.2_m 68k.deb


• Debian libmm10_1.0.11-1.2_powerpc.deb
  Debian GNU/Linux 2.2 alias potato PowerPC.
  http://security.debian.org/pool/updates/main/m/mm/libmm10_1.0.11-1.2_p owerpc.deb


• Debian libmm10_1.0.11-1.2_sparc.deb
  Debian GNU/Linux 2.2 alias potato Sun Sparc.
  http://security.debian.org/pool/updates/main/m/mm/libmm10_1.0.11-1.2_s parc.deb


• OSSP mm-1.2.1.tar.gz
  ftp://ftp.ossp.org/pkg/lib/mm/mm-1.2.1.tar.gz

OSSP mm 1.0.12

• OSSP mm-1.2.1.tar.gz
  ftp://ftp.ossp.org/pkg/lib/mm/mm-1.2.1.tar.gz

OSSP mm 1.0.2

• OSSP mm-1.2.1.tar.gz
  ftp://ftp.ossp.org/pkg/lib/mm/mm-1.2.1.tar.gz

OSSP mm 1.0.3

• OSSP mm-1.2.1.tar.gz
  ftp://ftp.ossp.org/pkg/lib/mm/mm-1.2.1.tar.gz

OSSP mm 1.0.4

• OSSP mm-1.2.1.tar.gz
  ftp://ftp.ossp.org/pkg/lib/mm/mm-1.2.1.tar.gz

OSSP mm 1.0.5

• OSSP mm-1.2.1.tar.gz
  ftp://ftp.ossp.org/pkg/lib/mm/mm-1.2.1.tar.gz

OSSP mm 1.0.6

• OSSP mm-1.2.1.tar.gz
  ftp://ftp.ossp.org/pkg/lib/mm/mm-1.2.1.tar.gz

OSSP mm 1.0.7

• OSSP mm-1.2.1.tar.gz
  ftp://ftp.ossp.org/pkg/lib/mm/mm-1.2.1.tar.gz

OSSP mm 1.0.8

• OSSP mm-1.2.1.tar.gz
  ftp://ftp.ossp.org/pkg/lib/mm/mm-1.2.1.tar.gz

OSSP mm 1.0.9

• OSSP mm-1.2.1.tar.gz
  ftp://ftp.ossp.org/pkg/lib/mm/mm-1.2.1.tar.gz

OSSP mm 1.1 .0

• OSSP mm-1.2.1.tar.gz
  ftp://ftp.ossp.org/pkg/lib/mm/mm-1.2.1.tar.gz

OSSP mm 1.1.1

• OSSP mm-1.2.1.tar.gz
  ftp://ftp.ossp.org/pkg/lib/mm/mm-1.2.1.tar.gz


• SuSE mm-1.1.1-61.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.0/d1/mm-1.1.1-61.i386.rpm


• SuSE mm-1.1.1-73.ppc.rpm
  ftp://ftp.suse.com/pub/suse/ppc/update/7.0/d1/mm-1.1.1-73.ppc.rpm

OSSP mm 1.1.2

• OSSP mm-1.2.1.tar.gz
  ftp://ftp.ossp.org/pkg/lib/mm/mm-1.2.1.tar.gz

OSSP mm 1.1.3

• Debian libmm11-dev_1.1.3-6.1_alpha.deb
  Debian GNU/Linux 3.0 alias woody Alpha.
  http://security.debian.org/pool/updates/main/m/mm/libmm11-dev_1.1.3-6. 1_alpha.deb


• Debian libmm11-dev_1.1.3-6.1_arm.deb
  Debian GNU/Linux 3.0 alias woody ARM.
  http://security.debian.org/pool/updates/main/m/mm/libmm11-dev_1.1.3-6. 1_arm.deb


• Debian libmm11-dev_1.1.3-6.1_hppa.deb
  Debian GNU/Linux 3.0 alias woody HP Precision.
  http://security.debian.org/pool/updates/main/m/mm/libmm11-dev_1.1.3-6. 1_hppa.deb


• Debian libmm11-dev_1.1.3-6.1_i386.deb
  Debian GNU/Linux 3.0 alias woody Intel ia32.
  http://security.debian.org/pool/updates/main/m/mm/libmm11-dev_1.1.3-6. 1_i386.deb


• Debian libmm11-dev_1.1.3-6.1_ia64.deb
  Debian GNU/Linux 3.0 alias woody Intel ia64.
  http://security.debian.org/pool/updates/main/m/mm/libmm11-dev_1.1.3-6. 1_ia64.deb


• Debian libmm11-dev_1.1.3-6.1_m68k.deb
  Debian GNU/Linux 3.0 alias woody Motorola 680x0.
  http://security.debian.org/pool/updates/main/m/mm/libmm11-dev_1.1.3-6. 1_m68k.deb


• Debian libmm11-dev_1.1.3-6.1_mips.deb
  Debian GNU/Linux 3.0 alias woody Big endian MIPS.
  http://security.debian.org/pool/updates/main/m/mm/libmm11-dev_1.1.3-6. 1_mips.deb


• Debian libmm11-dev_1.1.3-6.1_mipsel.deb
  Debian GNU/Linux 3.0 alias woody Little endian MIPS.
  http://security.debian.org/pool/updates/main/m/mm/libmm11-dev_1.1.3-6. 1_mipsel.deb


• Debian libmm11-dev_1.1.3-6.1_powerpc.deb
  Debian GNU/Linux 3.0 alias woody PowerPC.
  http://security.debian.org/pool/updates/main/m/mm/libmm11-dev_1.1.3-6. 1_powerpc.deb


• Debian libmm11-dev_1.1.3-6.1_s390.deb
  Debian GNU/Linux 3.0 alias woody IBM S/390.
  http://security.debian.org/pool/updates/main/m/mm/libmm11-dev_1.1.3-6. 1_s390.deb


• Debian libmm11-dev_1.1.3-6.1_sparc.deb
  Debian GNU/Linux 3.0 alias woody Sun Sparc.
  http://security.debian.org/pool/updates/main/m/mm/libmm11-dev_1.1.3-6. 1_sparc.deb


• Debian libmm11_1.1.3-6.1_alpha.deb
  Debian GNU/Linux 3.0 alias woody Alpha.
  http://security.debian.org/pool/updates/main/m/mm/libmm11_1.1.3-6.1_al pha.deb


• Debian libmm11_1.1.3-6.1_arm.deb
  Debian GNU/Linux 3.0 alias woody ARM.
  http://security.debian.org/pool/updates/main/m/mm/libmm11_1.1.3-6.1_ar m.deb


• Debian libmm11_1.1.3-6.1_hppa.deb
  Debian GNU/Linux 3.0 alias woody HP Precision.
  http://security.debian.org/pool/updates/main/m/mm/libmm11_1.1.3-6.1_hp pa.deb


• Debian libmm11_1.1.3-6.1_i386.deb
  Debian GNU/Linux 3.0 alias woody Intel ia32.
  http://security.debian.org/pool/updates/main/m/mm/libmm11_1.1.3-6.1_i3 86.deb


• Debian libmm11_1.1.3-6.1_ia64.deb
  Debian GNU/Linux 3.0 alias woody Intel ia64.
  http://security.debian.org/pool/updates/main/m/mm/libmm11_1.1.3-6.1_ia 64.deb


• Debian libmm11_1.1.3-6.1_m68k.deb
  Debian GNU/Linux 3.0 alias woody Motorola 680x0.
  http://security.debian.org/pool/updates/main/m/mm/libmm11_1.1.3-6.1_m6 8k.deb


• Debian libmm11_1.1.3-6.1_mips.deb
  Debian GNU/Linux 3.0 alias woody Big endian MIPS.
  http://security.debian.org/pool/updates/main/m/mm/libmm11_1.1.3-6.1_mi ps.deb


• Debian libmm11_1.1.3-6.1_mipsel.deb
  Debian GNU/Linux 3.0 alias woody Little endian MIPS.
  http://security.debian.org/pool/updates/main/m/mm/libmm11_1.1.3-6.1_mi psel.deb


• Debian libmm11_1.1.3-6.1_powerpc.deb
  Debian GNU/Linux 3.0 alias woody PowerPC.
  http://security.debian.org/pool/updates/main/m/mm/libmm11_1.1.3-6.1_po werpc.deb


• Debian libmm11_1.1.3-6.1_s390.deb
  Debian GNU/Linux 3.0 alias woody IBM S/390.
  http://security.debian.org/pool/updates/main/m/mm/libmm11_1.1.3-6.1_s3 90.deb


• Debian libmm11_1.1.3-6.1_sparc.deb
  Debian GNU/Linux 3.0 alias woody Sun Sparc.
  http://security.debian.org/pool/updates/main/m/mm/libmm11_1.1.3-6.1_sp arc.deb


• HP HPTL_00029
  http://itrc.hp.com


• Mandrake libmm1-1.1.3-9.1mdk.i586.rpm
  Mandrake Linux 8.1.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libmm1-1.1.3-9.1mdk.i586.rpm
  Mandrake Linux 8.2.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libmm1-1.1.3-9.1mdk.ia64.rpm
  Mandrake Linux 8.1/ia64.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libmm1-1.1.3-9.1mdk.ppc.rpm
  Mandrake Linux 8.2/ppc.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libmm1-devel-1.1.3-9.1mdk.i586.rpm
  Mandrake Linux 8.1.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libmm1-devel-1.1.3-9.1mdk.i586.rpm
  Mandrake Linux 8.2.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libmm1-devel-1.1.3-9.1mdk.ia64.rpm
  Mandrake Linux 8.1/ia64.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libmm1-devel-1.1.3-9.1mdk.ppc.rpm
  Mandrake Linux 8.2/ppc.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mm-1.1.3-8.4mdk.i586.rpm
  Mandrake Linux 8.0.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mm-1.1.3-8.4mdk.ppc.rpm
  Mandrake Linux 8.0/ppc.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mm-1.1.3-8.4mdk.src.rpm
  Mandrake Linux 8.0 Source RPM.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mm-1.1.3-8.4mdk.src.rpm
  Mandrake Linux 8.0/ppc Source RPM.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mm-1.1.3-8.5mdk.i586.rpm
  Linux-Mandrake 7.1.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mm-1.1.3-8.5mdk.i586.rpm
  Linux-Mandrake 7.2.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mm-1.1.3-8.5mdk.i586.rpm
  Mandrake Corporate Server 1.0.1.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mm-1.1.3-8.5mdk.i586.rpm
  Mandrake Single Network Firewall 7.2.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mm-1.1.3-8.5mdk.src.rpm
  Linux-Mandrake 7.1 Source RPM.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mm-1.1.3-8.5mdk.src.rpm
  Linux-Mandrake 7.2 Source RPM.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mm-1.1.3-8.5mdk.src.rpm
  Mandrake Corporate Server 1.0.1 Source RPM.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mm-1.1.3-8.5mdk.src.rpm
  Mandrake Single Network Firewall 7.2 Source RPM.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mm-1.1.3-9.1mdk.src.rpm
  Mandrake Linux 8.1 Source RPM.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mm-1.1.3-9.1mdk.src.rpm
  Mandrake Linux 8.1/ia64 Source RPM.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mm-1.1.3-9.1mdk.src.rpm
  Mandrake Linux 8.2 Source RPM.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mm-1.1.3-9.1mdk.src.rpm
  Mandrake Linux 8.2/ppc Source RPM.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mm-devel-1.1.3-8.4mdk.i586.rpm
  Mandrake Linux 8.0.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mm-devel-1.1.3-8.4mdk.ppc.rpm
  Mandrake Linux 8.0/ppc.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mm-devel-1.1.3-8.5mdk.i586.rpm
  Linux-Mandrake 7.1.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mm-devel-1.1.3-8.5mdk.i586.rpm
  Linux-Mandrake 7.2.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mm-devel-1.1.3-8.5mdk.i586.rpm
  Mandrake Corporate Server 1.0.1.
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake mm-devel-1.1.3-8.5mdk.i586.rpm
  Mandrake Single Network Firewall 7.2.
  http://www.mandrakesecure.net/en/ftp.php


• OSSP mm-1.2.1.tar.gz
  ftp://ftp.ossp.org/pkg/lib/mm/mm-1.2.1.tar.gz


• RedHat mm-1.1.3-8.alpha.rpm
  ftp://updates.redhat.com/7.0/en/os/alpha/mm-1.1.3-8.alpha.rpm


• RedHat mm-1.1.3-8.alpha.rpm
  ftp://updates.redhat.com/7.1/en/os/alpha/mm-1.1.3-8.alpha.rpm


• RedHat mm-1.1.3-8.i386.rpm
  ftp://updates.redhat.com/7.0/en/os/i386/mm-1.1.3-8.i386.rpm


• RedHat mm-1.1.3-8.i386.rpm
  ftp://updates.redhat.com/7.1/en/os/i386/mm-1.1.3-8.i386.rpm


• RedHat mm-1.1.3-8.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/mm-1.1.3-8.i386.rpm


• RedHat mm-1.1.3-8.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/mm-1.1.3-8.i386.rpm


• RedHat mm-1.1.3-8.ia64.rpm
  ftp://updates.redhat.com/7.1/en/os/ia64/mm-1.1.3-8.ia64.rpm


• RedHat mm-1.1.3-8.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/mm-1.1.3-8.ia64.rpm


• RedHat mm-devel-1.1.3-8.alpha.rpm
  ftp://updates.redhat.com/7.0/en/os/alpha/mm-devel-1.1.3-8.alpha.rpm


• RedHat mm-devel-1.1.3-8.alpha.rpm
  ftp://updates.redhat.com/7.1/en/os/alpha/mm-devel-1.1.3-8.alpha.rpm


• RedHat mm-devel-1.1.3-8.i386.rpm
  ftp://updates.redhat.com/7.0/en/os/i386/mm-devel-1.1.3-8.i386.rpm


• RedHat mm-devel-1.1.3-8.i386.rpm
  ftp://updates.redhat.com/7.1/en/os/i386/mm-devel-1.1.3-8.i386.rpm


• RedHat mm-devel-1.1.3-8.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/mm-devel-1.1.3-8.i386.rpm


• RedHat mm-devel-1.1.3-8.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/mm-devel-1.1.3-8.i386.rpm


• RedHat mm-devel-1.1.3-8.ia64.rpm
  ftp://updates.redhat.com/7.1/en/os/ia64/mm-devel-1.1.3-8.ia64.rpm


• RedHat mm-devel-1.1.3-8.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/mm-devel-1.1.3-8.ia64.rpm


• RedHat secureweb-3.2.8-1.i386.rpm.rhmask
  ftp://updates.redhat.com/other_prod/secureweb/3.2/i386/secureweb-3.2.8 -1.i386.rpm.rhmask


• RedHat secureweb-devel-3.2.8-1.i386.rpm
  ftp://updates.redhat.com/other_prod/secureweb/3.2/i386/secureweb-devel -3.2.8-1.i386.rpm


• RedHat secureweb-manual-3.2.8-1.i386.rpm
  ftp://updates.redhat.com/other_prod/secureweb/3.2/i386/secureweb-manua l-3.2.8-1.i386.rpm


• Slackware apache-1.3.26-i386-2.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-current/patches/packag es/apache-1.3.26-i386-2.tgz


• SuSE mm-1.1.1-61.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.0/d1/mm-1.1.1-61.i386.rpm


• SuSE mm-1.1.1-73.ppc.rpm
  ftp://ftp.suse.com/pub/suse/ppc/update/7.0/d1/mm-1.1.1-73.ppc.rpm


• SuSE mm-1.1.3-163.sparc.rpm
  ftp://ftp.suse.com/pub/suse/sparc/update/7.3/d2/mm-1.1.3-163.sparc.rpm


• SuSE mm-1.1.3-165.alpha.rpm
  ftp://ftp.suse.com/pub/suse/axp/update/7.1/d2/mm-1.1.3-165.alpha.rpm


• SuSE mm-1.1.3-202.ppc.rpm
  ftp://ftp.suse.com/pub/suse/ppc/update/7.3/d2/mm-1.1.3-202.ppc.rpm


• SuSE mm-1.1.3-203.ppc.rpm
  ftp://ftp.suse.com/pub/suse/ppc/update/7.1/d2/mm-1.1.3-203.ppc.rpm


• SuSE mm-1.1.3-290.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.2/d1/mm-1.1.3-290.i386.rpm


• SuSE mm-1.1.3-290.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.0/d2/mm-1.1.3-290.i386.rpm


• SuSE mm-1.1.3-292.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.3/d2/mm-1.1.3-292.i386.rpm


• SuSE mm-1.1.3-293.i386.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/7.1/d2/mm-1.1.3-293.i386.rpm