VYPR

Rmake

by Rpath

CVEs (3)

  • CVE-2007-5194Oct 4, 2007
    risk 0.00cvss epss 0.00

    The Chroot server in rMake 1.0.11 creates a /dev/zero device file with read/write permissions for the rMake user and the same minor device number as /dev/port, which might allow local users to gain root privileges.

  • CVE-2007-0557Jan 29, 2007
    risk 0.00cvss epss 0.00

    rMake before 1.0.4 drops root privileges in a way that retains the original supplemental groups, which might allow attackers to gain privileges via a crafted recipe file, a different vulnerability than CVE-2007-0536.

  • CVE-2007-0536Jan 27, 2007
    risk 0.00cvss epss 0.00

    The chroot helper in rMake for rPath Linux 1 does not drop supplemental groups, which causes packages to be installed with insecure permissions and might allow local users to gain privileges.