Package: tcpquota Version: 1.6.15-10 Severity: grave Tags: security Hello Turbo,
tcpquota include the following symlink: lrwxrwxrwx 1 bill bill 110 mar 22 14:10 usr/bin/openhost -> /afs/bayour.com/user/fredriksson/turbo/src/Mine/TCPQuota/tcpquota-1.6.15/debian/tmp//usr/bin/tcp_masq_openhost lrwxrwxrwx 1 bill bill 104 mar 22 14:10 usr/bin/toptcp -> /afs/bayour.com/user/fredriksson/turbo/src/Mine/TCPQuota/tcpquota-1.6.15/debian/tmp//usr/bin/tcpquotatop lrwxrwxrwx 1 bill bill 109 mar 22 14:10 usr/sbin/openfw -> /afs/bayour.com/user/fredriksson/turbo/src/Mine/TCPQuota/tcpquota-1.6.15/debian/tmp//usr/sbin/tcp_masq_openfw They allow a user having write access to /afs/bayour.com/user/fredriksson/turbo/ to set up a trapdoor to access account of people using toptcp etc. I suppose the link here intended as follow: usr/bin/openhost -> tcp_masq_openhost usr/bin/toptcp -> tcpquotatop usr/sbin/openfw -> tcp_masq_openfw Cheers, -- Bill. <[EMAIL PROTECTED]> Imagine a large red swirl here. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
