Hi, On Dec 12 16:27, Raphael Geissert wrote: > Package: gpsdrive > Version: 2.10~pre4-6.dfsg-1 > Tags: security > Severity: important > I have found three other attack vectors: > > /usr/share/doc/gpsdrive/examples/gpssmswatch: > src/splash.c
i think this was used to e.g. dump the current position to a file and send a sms to a mobile phone. It requires the user to send SIGUSR1 to the gpsdrive process which makes this attack vector more unlikely to be successful. In my opinion this functionality is obsolete anyway and should be removed from gpsdrive. Regarding splash.c there's already a bug in the gpsdrive bug tracker (set forward accordingly). > src/unit_test.c: > > g_snprintf (dir_proc, sizeof (dir_proc), "/tmp/gpsdrive-unit-test"); > > g_snprintf (dir_proc, sizeof (dir_proc), "/tmp/gpsdrive-unit-test/proc"); Will look into this. Cheers, Andreas
signature.asc
Description: Digital signature