tags 548684 + fixed-upstream
thanks
Hi Steve,
thank you very much for reporting this bug.
I have changed oping to check the effective and real user IDs. If they
don't match, the only accepted argument to the â-fâ option is â-â (i. e.
reading from standard intput).
The relevant commits are:
Hi,
On Mon, Sep 28, 2009 at 07:24:57AM +0100, Steve Kemp wrote:
> oping is setuid root and one of the command line arguments allows
> a configuration file to be specified. This file is read and *reported*
> to the console.
Argh! Thanks for reporting that!
I guess, this should be fixed by all
Package: oping
Version: 1.3.2-1
Justification: user security hole
Severity: grave
Tags: security
*** Please type your report below this line ***
oping is setuid root and one of the command line arguments allows
a configuration file to be specified. This file is read and *reported*
to the con
3 matches
Mail list logo
