Martin Schulze wrote:
> > > Due to a bug in the environment variable substitution code it is
> > > possible to inject environment variables such as LD_PRELOAD and gain a
> > > root shell.
> >
> > Confirmed.
> >
> > Joey we'll need an ID for it.
>
> Please use CVE-2005-3344 and inform vendor-sec.
             ^^^^^^^^^^^^^
You already used this for the insecure default configuration in horde3
(DSA-884).
Cheers,
Moritz