On Dec 12  16:27, Raphael Geissert wrote:
> Package: gpsdrive
> Version: 2.10~pre4-6.dfsg-1
> Tags: security
> Severity: important
> I have found three other attack vectors:
> /usr/share/doc/gpsdrive/examples/gpssmswatch:
> src/splash.c

i think this was used to e.g. dump the current position to 
a file and send a sms to a mobile phone. It requires the user
to send SIGUSR1 to the gpsdrive process which makes this attack vector 
more unlikely to be successful. In my opinion this functionality is
obsolete anyway and should be removed from gpsdrive.
Regarding splash.c there's already a bug in the gpsdrive bug tracker
(set forward accordingly).

> src/unit_test.c:
> > g_snprintf (dir_proc, sizeof (dir_proc), "/tmp/gpsdrive-unit-test");
> > g_snprintf (dir_proc, sizeof (dir_proc), "/tmp/gpsdrive-unit-test/proc");

Will look into this.


Attachment: signature.asc
Description: Digital signature

Pkg-grass-devel mailing list

Reply via email to