Linux GTKicq Security Flaw (thought u should know)
Last night i was rummaging around my system on another account and i was checking out my directories seeing if i could find stuff. well i went to my main account went to the .icq folder which uses GTKICQ i typed: cat gtkicqrc it listed my password i use for ICQ which i also used for my own root password!! they were the only places i used it.. needless to say if u use GTKicq make sure u set permissions on /home/user/.icq/gtkicqrc to only the user.. thanx for your time, AJ
Re: Linux GTKicq Security Flaw (thought u should know)
A == AJ [EMAIL PROTECTED] writes: A cat gtkicqrc it listed my password i use for ICQ which i also used A for my own root password!! they were the only places i used A it.. needless to say if u use GTKicq make sure u set permissions on A /home/user/.icq/gtkicqrc to only the user.. This was fixed in gtkicq 0.57-3 uploaded to frozen and unstable. Though it had IMHO the wrong priority (low, should be high) and was not announced on debian-security-announce. Stephen, what do you think? At least make up the announcement? Ciao, Martin
Re: Linux GTKicq Security Flaw (thought u should know)
On Thu, Dec 31, 1998 at 11:43:26AM -0500, AJ wrote: it listed my password i use for ICQ which i also used for my own root password!! they were the only places i used it.. needless to say if u Needless to say your root password should not be the same as you normal account password especially not the same as passwords on outside systems like ICQ, IRC bots, and webmail accounts :) -- --- - - --- - - - --- Ben Collins [EMAIL PROTECTED] Debian GNU/Linux UnixGroup Admin - Jordan Systems Inc. [EMAIL PROTECTED] -- -- - - - --- --- -- The Choice of the GNU Generation
