Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2000-0229 — Rubini GPM vulnerability

6 documents6 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 70.20%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Alessandro Rubini GPM Debian Linux Redhat Linux +1 more

Timeline

PublishedMar 22

Latest updateApr 30

Description

gpm-root in the gpm package does not properly drop privileges, which allows local users to gain privileges by starting a utility from gpm-root.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages3 packages

▶NVDredhat/linux6.0, 6.1, 6.2+2

▶NVDsuse/suse_linux5 versions+4

▶NVDalessandro_rubini/gpm1.18.1, 1.19+1

Also affects: Debian Linux 2.0, 2.1, 2.2

🔴Vulnerability Details

GHSA

GHSA-jj5p-pw57-256v: gpm-root in the gpm package does not properly drop privileges, which allows local users to gain privileges by starting a utility from gpm-root↗2022-04-30

▶

CVEList

CVE-2000-0229: gpm-root in the gpm package does not properly drop privileges, which allows local users to gain privileges by starting a utility from gpm-root↗2000-06-02

▶

💥Exploits & PoCs

Exploit-DB

gpm 1.18.1/1.19 / Debian 2.x / RedHat 6.x / S.u.S.E 5.3/6.x - gpm Setgid↗2000-03-22

▶

📋Vendor Advisories

Red Hat

security flaw↗2000-03-22

▶

💬Community

Bugzilla

CVE-2000-0229 security flaw↗2018-08-16

▶