gdomap multiple local information disclosure vulnerabilities
gdomap, part of GNUstep, is vulnerable to two different information disclosure vulnerabilities that each allow unprivileged local users to read the contents of arbitrary files.
gdomap is installed setuid root by default. When invoked with the -c (config file for probe) flag, gdomap reads a user-specified file without confirming its ownership or permissions, and then attempts to parse it as a configuration file. When parsing fails, gdomap prints an error message containing the full contents of the provided file, allowing an unprivileged local user to read anything on disk. This also occurs when gdomap is invoked with the -a (config file for interface list) flag, which uses a separate (but nearly identical) code path.
This behavior can be confirmed by:
$ gdomap -c /etc/shadow
$ gdomap -a /etc/shadow
The ability to read arbitrary files on disk can easily result in privilege escalation (reading SSH keys, etc.). To mitigate the issue, privileges should be dropped to those of the invoking user prior to opening a provided configuration file.
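One way to implement the mitigation described above, as an added example that is not gdomap's or GNUstep's own code. The helper name open_as_invoker is hypothetical, and the temporary drop via setegid()/seteuid() assumes the program still needs its privileges after the file has been opened.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not gdomap's code): open a user-supplied path with the
 * invoking user's credentials, then restore the saved effective IDs so the
 * program can still do its privileged work afterwards. */
FILE *open_as_invoker(const char *path)
{
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();
    FILE *fp;
    int saved_errno;

    /* Switch the group before the user, the conventional order for a drop. */
    if (setegid(getgid()) != 0)
        return NULL;
    if (seteuid(getuid()) != 0) {
        saved_errno = errno;
        if (setegid(saved_egid) != 0)
            abort();
        errno = saved_errno;
        return NULL;
    }

    /* The kernel now checks the open against the caller's own permissions. */
    fp = fopen(path, "r");
    saved_errno = errno;

    /* Restore in reverse order; a failure here leaves the process in an
     * unknown credential state, so stop rather than continue. */
    if (seteuid(saved_euid) != 0 || setegid(saved_egid) != 0)
        abort();
    errno = saved_errno;
    return fp;
}

int main(int argc, char **argv)
{
    FILE *fp;
    if (argc != 2) { fprintf(stderr, "usage: %s <config>\n", argv[0]); return 2; }
    fp = open_as_invoker(argv[1]);
    if (fp == NULL) { perror("open config"); return 1; }
    fclose(fp);
    return 0;
}
```

With this in place, a file the invoking user cannot read fails at fopen() with EACCES, so its contents never reach the parser or its error messages.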