GIMPS, SETI@home, ChessBrain: Insecure installation

GIMPS, SETI@home, ChessBrain: Insecure installation Improper file ownership allows user-owned files to be run with root privileges by init scripts. GIMPS,SETI@home,ChessBrain 2004-11-17 2006-05-22 69868 local 23.9-r1 23.9 3.08-r4 3.03-r2 3.08-r3 20407-r1 20407

GIMPS is a client for the distributed Great Internet Mersenne Prime Search. SETI@home is the client for the Search for Extraterrestrial Intelligence (SETI) project. ChessBrain is the client for the distributed chess supercomputer.

GIMPS, SETI@home and ChessBrain ebuilds install user-owned binaries and init scripts which are executed with root privileges.

This could lead to a local privilege escalation or root compromise.

There is no known workaround at this time.

All GIMPS users should upgrade to the latest version:


    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sci-misc/gimps-23.9-r1"

All SETI@home users should upgrade to the latest version:


    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sci-misc/setiathome-3.03-r2"

All ChessBrain users should upgrade to the latest version:


    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sci-misc/chessbrain-20407-r1"

CVE-2004-1115 CVE-2004-1116 CVE-2004-1117 jaervosz jaervosz jaervosz