Package: proftpd
Version: 1.3.0-7
Severity: grave
Tags: security

Hello Francesco,

proftpd includes a trapdoor rpath to /users/frankie/...

%chrpath usr/sbin/proftpd
usr/sbin/proftpd: RPATH=/users/frankie/debian/mypkgs/proftpd/current/proftpd-1.3.0/debian/tmp/usr/sbin

This rpath allows a user with home directory /users/frankie/ to install
trojaned libraries and wait for proftpd to start.

Cheers,
-- 
Bill. <[EMAIL PROTECTED]>

Imagine a large red swirl here. 

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.4.27
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
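
Added example, not part of the original report or of any Debian tool: a shell check that reads chrpath output like the listing above and flags every RPATH entry outside trusted library directories. It goes beyond the report by also covering RUNPATH tags, empty entries and $ORIGIN; the trusted prefix list and the function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example: audit `chrpath -l` output for RPATH/RUNPATH entries outside
# trusted library directories. TRUSTED_PREFIXES is an assumed policy.
TRUSTED_PREFIXES="/lib /usr/lib /lib64 /usr/lib64"

# rpath_entry_ok ENTRY: succeed only for an absolute path under a trusted prefix.
rpath_entry_ok() {
    entry=$1
    case $entry in
        ''|[!/]*|*/../*|*/..) return 1 ;;  # empty (= cwd), relative/$ORIGIN, ".." escape
    esac
    for prefix in $TRUSTED_PREFIXES; do
        case $entry in
            "$prefix"|"$prefix"/*) return 0 ;;
        esac
    done
    return 1
}

# audit_chrpath: read `chrpath -l` lines on stdin, print "file<TAB>entry" for
# each untrusted entry, and return 1 if any was printed.
audit_chrpath() {
    bad=0
    while IFS= read -r line; do
        case $line in
            *': RPATH='*)   kind=RPATH ;;
            *': RUNPATH='*) kind=RUNPATH ;;
            *) continue ;;                 # no search-path tag reported
        esac
        file=${line%%": $kind="*}
        rest=${line#*": $kind="}:          # trailing ':' so empty entries survive
        while [ -n "$rest" ]; do
            entry=${rest%%:*}
            rest=${rest#*:}
            rpath_entry_ok "$entry" || { printf '%s\t%s\n' "$file" "$entry"; bad=1; }
        done
    done
    return "$bad"
}

# Constructed sample: the first line is the output quoted in the report above,
# the others are made up to exercise the trusted and $ORIGIN cases.
sample_input() {
    printf '%s\n' \
      'usr/sbin/proftpd: RPATH=/users/frankie/debian/mypkgs/proftpd/current/proftpd-1.3.0/debian/tmp/usr/sbin' \
      'usr/bin/example-a: RPATH=/usr/lib/example' \
      'usr/bin/example-b: RUNPATH=/usr/lib:$ORIGIN/../lib'
}
sample_input | audit_chrpath || true
```

Run over a package's unpacked binaries at build time, a non-zero return from audit_chrpath can fail the build before a leftover build-directory path ships.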

