Package: vpnc Version: 0.3.2+SVN20050326-2 Severity: serious Tags: security Justification: security
Hi Zomb, the provided /etc/vpnc/example.conf is 0644 per default. It should be 0600 as lazy users might not add their own file but just edit /etc/vpnc/example.conf. This file contains at least the IPsec secret. This file should be 0600 per default. This bug seems to be valid for all suites. Greetings Martin -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.14-2-686 Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Versions of packages vpnc depends on: ii iproute 20041019-4 Professional tools to control the ii libc6 2.3.5-8 GNU C Library: Shared libraries an ii libgcrypt11 1.2.2-1 LGPL Crypto library - runtime libr ii libgpg-error0 1.1-4 library for common error values an vpnc recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
