Package: migrationtools Version: 46-1 Severity: critical Tags: security Justification: root security hole
Migrationtools leaves insecure temporary files containing information from /etc/shadow. When it fails to add information, it creates files like nis.<bunchofnumbers>.ldif which are world readable. This can contain encrypted passwords from /etc/shadow, and by default, includes the root account (unless you modify migrate_common.ph with minuid). This is probably a bad thing(tm). -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.6.14-686-smp Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Versions of packages migrationtools depends on: ii ldap-utils [openldap-utils] 2.2.23-8 OpenLDAP utilities ii perl 5.8.4-8 Larry Wall's Practical Extraction -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
