Gentoo Foundation: GLSA-200411-26
Nov 17, 2004 - 12:00 a.m.

GIMPS, SETI@home, ChessBrain: Insecure installation

2004-11-17 00:00:00
Gentoo Foundation
security.gentoo.org

CVSS2: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Attack Vector: LOCAL
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

EPSS: 0
Percentile: 5.1%

Background

GIMPS is a client for the distributed Great Internet Mersenne Prime Search. SETI@home is the client for the Search for Extraterrestrial Intelligence (SETI) project. ChessBrain is the client for the distributed chess supercomputer.

Description

GIMPS, SETI@home and ChessBrain ebuilds install user-owned binaries and init scripts which are executed with root privileges.

Impact

Since these files are user-owned but run with root privileges, this could lead to a local privilege escalation or root compromise.
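
An added example, not part of the advisory or of Gentoo's tooling: a shell check that lists files and directories under paths executed as root whose owner is not the trusted account, or whose mode lets group or others write. The function name `audit_root_exec`, its output labels and the paths passed to it are assumptions.

```shell
#!/bin/sh
# Added example: audit paths whose contents are executed as root (init
# scripts, daemon binaries) for entries a non-root account could modify.
#
# Usage (paths are examples; pass the init script directory and the
# client's install directory on your system):
#   sh audit.sh /etc/init.d /path/to/client/install/dir

# audit_root_exec TRUSTED_OWNER DIR...
# Prints one "label: path" line per finding. Returns 0 when clean, 1 otherwise.
# TRUSTED_OWNER is a user name or numeric uid (normally root).
audit_root_exec() {
    trusted=$1
    shift
    findings=$(
        for dir in "$@"; do
            [ -d "$dir" ] || continue
            # Owner differs from the trusted account: that owner can rewrite
            # the file, or replace entries in the directory, before it runs.
            find "$dir" \( -type f -o -type d \) ! -user "$trusted" -print |
                sed 's|^|owner-not-trusted: |'
            # Group- or world-writable entries are modifiable regardless of
            # who owns them (group-writable is flagged conservatively).
            find "$dir" \( -type f -o -type d \) \
                \( -perm -020 -o -perm -002 \) -print |
                sed 's|^|writable-by-others: |'
        done
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Run the audit only when directories are given on the command line.
if [ "$#" -gt 0 ]; then
    audit_root_exec root "$@"
fi
```

A non-zero exit status means at least one entry needs its ownership or mode corrected before root executes anything from that path.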

Workaround

There is no known workaround at this time.

Resolution

All GIMPS users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sci-misc/gimps-23.9-r1"

All SETI@home users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sci-misc/setiathome-3.03-r2"

All ChessBrain users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sci-misc/chessbrain-20407-r1"
