• info
• discussion
• exploit
• solution
• references

Multiple Linux vendor imwheel Vulnerability

Solution:
RedHat has made patches available for this problem.

Removal of the setuid wrapper script 'imwheel-solo' will eliminate this problem.


Redhat Linux 6.1 i386

• Red Hat Inc. 6.1 i386 imwheel-0.9.8-1.i386.rpm
  ftp://updates.redhat.com/powertools/6.1/i386/imwheel-0.9.8-1.i386.rpm

Redhat Linux 6.1 sparc

• Red Hat Inc. 6.1 sparc imwheel-0.9.8-1.sparc.rpm
  ftp://updates.redhat.com/powertools/6.1/sparc/imwheel-0.9.8-1.sparc.rp m

Redhat Linux 6.1 alpha

• Red Hat Inc. 6.1 alpha imwheel-0.9.8-1.alpha.rpm
  imwheel-0.9.8-1.alpha.rpm

Redhat Linux 6.2 sparc

• Red Hat Inc. 6.2 sparc imwheel-0.9.8-1.sparc.rpm
  ftp://updates.redhat.com/powertools/6.2/sparc/imwheel-0.9.8-1.sparc.rp m

Redhat Linux 6.2 i386

• Red Hat Inc. 6.2 i386 imwheel-0.9.8-1.i386.rpm
  ftp://updates.redhat.com/powertools/6.2/i386/imwheel-0.9.8-1.i386.rpm

Redhat Linux 6.2 alpha

• Red Hat Inc. 6.2 alpha imwheel-0.9.8-1.alpha.rpm
  ftp://updates.redhat.com/powertools/6.2/alpha/imwheel-0.9.8-1.alpha.rp m