1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200409-11 / star |
| Release Date | September 07, 2004 |
| Latest Revision | May 30, 2006: 03 |
| Impact | high |
| Exploitable | local |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| app-arch/star | < 1.5_alpha46 | >= 1.5_alpha46 | All supported architectures |
Related bugreports: #61797
star contains a suid root vulnerability which could potentially grant unauthorized root access to an attacker.
star is an enhanced tape archiver, much like tar, that is recognized for it's speed as well as it's enhanced mt/rmt support.
A suid root vulnerability exists in versions of star that are configured to use ssh for remote tape access.
Attackers with local user level access could potentially gain root level access.
There is no known workaround at this time.
All star users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge sync # emerge -pv ">=app-arch/star-1.5_alpha46" # emerge ">=app-arch/star-1.5_alpha46" |