Generic NQS local root
| generic-nqs-local-root (4306) |  Medium Risk |
Description:
Generic NQS contains a vulnerability that allows a local user to gain root privileges.
Platforms Affected:
- Stuart Herbert, Generic NQS 3.50.6
- Stuart Herbert, Generic NQS 3.50.7
Remedy:
Upgrade to the latest version of Generic NQS (version 3.50.8 or later), available from the Generic NQS FTP site. Upgrades are also available from FreeBSD, as listed in FreeBSD Security Advisory FreeBSD-SA-00:13. See References.
Consequences:
Gain Privileges
References:
- BugTraq Mailing List, Wed Mar 22 2000 - 06:50:04 CST, Local root compromise in GNQS 3.50.6 and 3.50.7 at http://archives.neohapsis.com/archives/bugtraq/2000-03/0236.html.
- FreeBSD Security Advisory FreeBSD-SA-00:13, generic-nqs contains a local root compromise at ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:13-generic-nqs.asc.
- Generic NQS FTP site, Current Production Release at http://ftp.gnqs.org/pub/gnqs/latest/production/.
- Generic NQS FTP site, Change log for version 3.50.8 at http://ftp.gnqs.org/pub/gnqs/source/by-version-number/v3.50/Generic-NQS-3.50.8-ChangeLog.txt.
- BID-1842: GNQS Root Access Vulnerability
- CVE-2000-0247: Unknown vulnerability in Generic-NQS (GNQS) allows local users to gain root privileges.
Reported:
Mar 22, 2000
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net