On Sat, Apr 12, 2008 at 05:52:17PM +0200, Helmut Grohne wrote:
> Package: tss
> Version: 0.8.1-3
> Severity: critical
> Tags: security
> Justification: root security hole
> 
> tss has a setuid binary. The source code is src/main.c:
> 
> sprintf(glob_string, "%s/.tss/*", getenv("HOME"));
> 
> (before dropping setuid, needless to say)
---end quoted text---

-- 
 أحمد المحمودي (Ahmed El-Mahmoudy)
  Digital design engineer
  SySDSoft, Inc.
 GPG KeyID: 0x9DCA0B27 (@ subkeys.pgp.net)
 GPG Fingerprint: 087D 3767 8CAC 65B1 8F6C  156E D325 C3C8 9DCA 0B27
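
Added example, not part of the original messages and not code from the tss package: the quoted sprintf() writes $HOME, whose length the invoking user controls, into a buffer with no bound while the process is still privileged. The sketch below shows one hardened ordering (drop privileges, take the home directory from the passwd database, format with a length check). The helper names build_glob_pattern and drop_privileges and the 4096-byte buffer size are assumptions made for illustration.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: write "<home>/.tss/*" into out without overflowing.
 * Returns 0 on success, -1 if home is missing, not absolute, or too long. */
int build_glob_pattern(char *out, size_t outlen, const char *home)
{
    if (out == NULL || outlen == 0 || home == NULL || home[0] != '/')
        return -1;
    int n = snprintf(out, outlen, "%s/.tss/*", home);
    if (n < 0 || (size_t)n >= outlen) {  /* truncated: reject the result */
        out[0] = '\0';
        return -1;
    }
    return 0;
}

/* Hypothetical helper: permanently drop setuid/setgid privileges and
 * verify that they cannot be regained. Group first, then user. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    if (ruid != 0 && setuid(0) == 0)     /* regaining root must fail */
        return -1;
    return 0;
}

int main(void)
{
    char glob_string[4096];              /* size is an assumption */

    /* Drop privileges before touching any user-influenced data. */
    if (drop_privileges() != 0)
        return 1;
    /* Use the passwd entry of the real uid instead of trusting $HOME. */
    struct passwd *pw = getpwuid(getuid());
    if (pw == NULL ||
        build_glob_pattern(glob_string, sizeof glob_string, pw->pw_dir) != 0)
        return 1;
    printf("%s\n", glob_string);
    return 0;
}
```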


