On Fri, Oct 21, 2011 at 07:59:59PM -0400, [email protected] wrote: > bzexe utility: > > /bin/bzexe:tmp=gz$$ > /bin/bzexe:rm -f zfoo[12]$$
I reported this one several months ago (in some conditions it could lead to a root exploit) and provided an easy solution, but no updates: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632862 -- http://vladz.devzero.fr PGP key 8F7E2D3C from pgp.mit.edu _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
