Package: ser2net Version: 2.6-1 Severity: important Both package version 2.5-1 and 2.6-1 are built with an incorrect termios setting for character echo. The is visible when the far end of the serial line is connected to a getty-login process, and it is seen in the fact that the user name is printed twice, and the password is fully echoed once. This clearly introduces a risk to be eavsdropped by bypassers.
In my case a Lenny instance is running where ser2net is configured, and the distant machine operates under Squeeze/testing. -- System Information: Debian Release: 5.0.4 APT prefers stable APT policy: (500, 'stable'), (90, 'testing'), (80, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core) Locale: LANG=sv_SE, LC_CTYPE=sv_SE (charmap=ISO-8859-1) Shell: /bin/sh linked to /bin/bash Versions of packages ser2net depends on: ii libc6 2.7-18lenny2 GNU C Library: Shared libraries ser2net recommends no packages. Versions of packages ser2net suggests: ii telnet 0.17-36 The telnet client -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
