found 475733 1.0.5-6
thanks

> * Dropped 05_setuid.diff as it can cause a root exploit. (Closes: #475733)

This is not enough, because it still has saved set-user-ID and is exploitable:

> The package has a setuid binary acon. The binary never drops setuid. The
> source code contains the following lines: (acon.c)
>
> char tmp[300];
> ...
> if((env=getenv("HOME")))
>     sprintf(tmp,"%s/.acon.conf",env);
>
> This can be easily exploited by a long $HOME.

Helmut
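For contrast, a bounded version of the quoted path construction, added here as an example and not code from acon or from the message above; the function names and the 300-byte buffer size taken from the quoted snippet are assumptions:

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Buffer size from the quoted acon.c snippet (char tmp[300]). */
#define CONF_PATH_LEN 300

/*
 * Hardened replacement for sprintf(tmp, "%s/.acon.conf", env).
 * snprintf() never writes more than outlen bytes, and the return value
 * tells us whether the full path fit; truncation is treated as an error
 * so an oversized $HOME neither overruns the stack nor yields a bogus
 * path. Returns 0 on success, -1 if the input is missing or too long.
 */
static int build_conf_path(const char *home, char *out, size_t outlen)
{
    int n;

    if (home == NULL || out == NULL || outlen == 0)
        return -1;

    n = snprintf(out, outlen, "%s/.acon.conf", home);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';          /* do not leave a half-written path behind */
        return -1;
    }
    return 0;
}

/*
 * Mirrors the original control flow: the path comes from $HOME. In a
 * setuid program the environment is chosen by the unprivileged caller,
 * which is why the length check above must happen before any use.
 */
static int conf_path_from_env(char *out, size_t outlen)
{
    const char *env = getenv("HOME");

    if (env == NULL)
        return -1;
    return build_conf_path(env, out, outlen);
}

int main(void)
{
    char tmp[CONF_PATH_LEN];

    if (conf_path_from_env(tmp, sizeof tmp) == 0)
        printf("config file: %s\n", tmp);
    else
        fprintf(stderr, "HOME unset or too long; using built-in defaults\n");
    return 0;
}
```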