COMMAND

    gpm

SYSTEMS AFFECTED

    Linux

PROBLEM

    There  are  security  problems  within  gpm (General Purpose Mouse
    support  daemon)  which  allow  removal  of  system files and also
    exhibit a local denial of service attack.

SOLUTION

    Caldera recommends users to upgrade to the new packages:

      - OpenLinux Desktop 2.3: ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/
                               RPMS/gpm-1.17.8-5.i386.rpm
                               RPMS/gpm-devel-1.17.8-5.i386.rpm
                               RPMS/gpm-devel-static-1.17.8-5.i386.rpm
                               ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/SRPMS
                               SRPMS/gpm-1.17.8-5.src.rpm

      - OpenLinux eServer 2.3 and OpenLinux eBuilder for ECential 3.0
                               ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/
                               RPMS/gpm-1.17.8-5.i386.rpm
                               RPMS/gpm-devel-1.17.8-5.i386.rpm
                               RPMS/gpm-devel-static-1.17.8-5.i386.rpm
                               ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/SRPMS
                               SRPMS/gpm-1.17.8-5.src.rpm

      - OpenLinux eDesktop 2.4 ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/
                               RPMS/gpm-1.19.2-4.i386.rpm
                               RPMS/gpm-devel-1.19.2-4.i386.rpm
                               RPMS/gpm-devel-static-1.19.2-4.i386.rpm
                               ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/SRPMS
                               SRPMS/gpm-1.19.2-4.src.rpm

    For Conectiva Linux:

        ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/i386/gpm-1.19.3-1cl.i386.rpm
        ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/i386/gpm-devel-1.19.3-1cl.i386.rpm
        ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/i386/pam-0.72-15cl.i386.rpm
        ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0es/i386/gpm-1.19.3-1cl.i386.rpm
        ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0es/i386/gpm-devel-1.19.3-1cl.i386.rpm
        ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0es/i386/pam-0.72-15cl.i386.rpm
        ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/i386/gpm-1.19.3-1cl.i386.rpm
        ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/i386/gpm-devel-1.19.3-1cl.i386.rpm
        ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/i386/pam-0.72-15cl.i386.rpm
        ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/i386/gpm-1.19.3-1cl.i386.rpm
        ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/i386/gpm-devel-1.19.3-1cl.i386.rpm
        ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/i386/pam-0.72-15cl.i386.rpm
        ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/gpm-1.19.3-1cl.i386.rpm
        ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/gpm-devel-1.19.3-1cl.i386.rpm
        ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/pam-0.72-15cl.i386.rpm
        ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.1/i386/gpm-1.19.3-1cl.i386.rpm
        ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.1/i386/gpm-devel-1.19.3-1cl.i386.rpm
        ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.1/i386/pam-0.72-15cl.i386.rpm

        ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/SRPMS/gpm-1.19.3-1cl.src.rpm
        ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/SRPMS/pam-0.72-15cl.src.rpm
        ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0es/SRPMS/gpm-1.19.3-1cl.src.rpm
        ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0es/SRPMS/pam-0.72-15cl.src.rpm
        ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/SRPMS/gpm-1.19.3-1cl.src.rpm
        ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/SRPMS/pam-0.72-15cl.src.rpm
        ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/SRPMS/gpm-1.19.3-1cl.src.rpm
        ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/SRPMS/pam-0.72-15cl.src.rpm
        ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/SRPMS/gpm-1.19.3-1cl.src.rpm
        ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/SRPMS/pam-0.72-15cl.src.rpm
        ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.1/SRPMS/gpm-1.19.3-1cl.src.rpm
        ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.1/SRPMS/pam-0.72-15cl.src.rpm

    For Linux-Mandrake:

        6.0/RPMS/gpm-1.19.2-4mdk.i586.rpm
        6.0/RPMS/gpm-devel-1.19.2-4mdk.i586.rpm
        6.0/SRPMS/gpm-1.19.2-4mdk.src.rpm
        6.1/RPMS/gpm-1.19.2-4mdk.i586.rpm
        6.1/RPMS/gpm-devel-1.19.2-4mdk.i586.rpm
        6.1/SRPMS/gpm-1.19.2-4mdk.src.rpm
        7.0/RPMS/gpm-1.19.2-4mdk.i586.rpm
        7.0/RPMS/gpm-devel-1.19.2-4mdk.i586.rpm
        7.0/SRPMS/gpm-1.19.2-4mdk.src.rpm
        7.1/RPMS/gpm-1.19.2-4mdk.i586.rpm
        7.1/RPMS/gpm-devel-1.19.2-4mdk.i586.rpm
        7.1/SRPMS/gpm-1.19.2-4mdk.src.rpm

    For Red Hat:

        sparc: ftp://updates.redhat.com/5.2/sparc/gpm-1.19.3-0.5.x.sparc.rpm
        alpha: ftp://updates.redhat.com/5.2/alpha/gpm-1.19.3-0.5.x.alpha.rpm
         i386: ftp://updates.redhat.com/5.2/i386/gpm-1.19.3-0.5.x.i386.rpm
      sources: ftp://updates.redhat.com/5.2/SRPMS/gpm-1.19.3-0.5.x.src.rpm

        sparc: ftp://updates.redhat.com/6.2/sparc/gpm-1.19.3-0.6.x.sparc.rpm
         i386: ftp://updates.redhat.com/6.2/i386/gpm-1.19.3-0.6.x.i386.rpm
        alpha: ftp://updates.redhat.com/6.2/alpha/gpm-1.19.3-0.6.x.alpha.rpm
      sources: ftp://updates.redhat.com/6.2/SRPMS/gpm-1.19.3-0.6.x.src.rpm

    SuSE Linux ships a slightly  older version of gpm because  of some
    grief with the latest versions.   The vulnerabilities in gpm  have
    been addressed to the fully necessary extent back in April 5.   As
    mentioned above, there is no pam_console module that could  change
    the  ownerships  of  the  gpm  control  socket  /dev/gpmctl.    By
    consequence,  a  local  denial  of  service  attack against gpm is
    possible.  However, SuSE believes that the most effective  measure
    against this is userdel(8), since hogging disk  space/performance,
    CPU,  bandwidth  etc  is  still  possible  in  the  wild even with
    appropriate permissions on the gpm socket.