Moritz Muehlenhoff wrote: > Martin Schulze wrote: > > > > Due to a bug in the environment variable substitution code it is > > > > possible to inject environment variables such as LD_PRELOAD and gain a > > > > root shell. > > > > > > Confirmed. > > > > > > Joey we'll need an ID for it. > > > > Please use CVE-2005-3344 and inform vendor-sec. > ^^^^^^^^^^^^^ > > You already used this for the insecure default configuration in horde3 > (DSA-884).
Stupid me. I must have been distracted somehow. Please use CVE-2005-3346 instead. Moritz, thanks a lot for paying attention! Regards, Joey -- Life is too short to run proprietary software. -- Bdale Garbee Please always Cc to me when replying to me on the lists. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]