Your message dated Sat, 12 Apr 2008 18:53:02 +0200
with message-id <[EMAIL PROTECTED]>
has caused the report #475736,
regarding tss: local root exploit
to be marked as having been forwarded to the upstream software
author(s) Kristian Gunstone <[EMAIL PROTECTED]>
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
475736: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475736
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
On Sat, Apr 12, 2008 at 05:52:17PM +0200, Helmut Grohne wrote:
> Package: tss
> Version: 0.8.1-3
> Severity: critical
> Tags: security
> Justification: root security hole
>
> tss has a setuid binary. The source code is src/main.c:
>
> sprintf(glob_string, "%s/.tss/*", getenv("HOME"));
>
> (before dropping setuid, needless to say)
---end quoted text---
--
أحمد المحمودي (Ahmed El-Mahmoudy)
Digital design engineer
SySDSoft, Inc.
GPG KeyID: 0x9DCA0B27 (@ subkeys.pgp.net)
GPG Fingerprint: 087D 3767 8CAC 65B1 8F6C 156E D325 C3C8 9DCA 0B27
--- End Message ---
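
Added example, not part of the original messages or of the tss source: a bounded way to build the glob string quoted in the report, done only after setuid privileges have been given up. The names build_glob and drop_privileges, the 256-byte buffer and the assumption that tss needs no privilege to build this path are illustrative and do not come from the page.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: write "<home>/.tss/*" into out[outsz].
 * Returns 0 on success, -1 if HOME is unset, not absolute, or the
 * result would not fit (truncation is an error, never silently used). */
int build_glob(char *out, size_t outsz, const char *home)
{
    if (out == NULL || outsz == 0)
        return -1;
    out[0] = '\0';
    if (home == NULL || home[0] != '/')
        return -1;
    int n = snprintf(out, outsz, "%s/.tss/*", home);
    if (n < 0 || (size_t)n >= outsz) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

/* Hypothetical helper: permanently drop setuid/setgid privileges,
 * group first, then confirm root cannot be regained. */
int drop_privileges(void)
{
    if (setgid(getgid()) != 0 || setuid(getuid()) != 0)
        return -1;
    if (getuid() != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

int main(void)
{
    char glob_string[256]; /* size is an assumption; the report does not give it */

    if (drop_privileges() != 0) {
        perror("drop_privileges");
        return 1;
    }
    if (build_glob(glob_string, sizeof glob_string, getenv("HOME")) != 0) {
        fprintf(stderr, "HOME is unset, not absolute, or too long\n");
        return 1;
    }
    puts(glob_string);
    return 0;
}
```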