On Sat, Sep 01, 2007 at 12:42:19PM +0200, Thomas de Grenier de Latour wrote:
The checkrestart program from debian-goodies (both latest 0.33 and
stable 0.27) allows arbitrary command execution with root privileges.
Thanks. I was not aware of this bug.
Since this program is likely launched as a
Package: debian-goodies
Version: 0.33
Severity: grave
Tags: security
Hi,
The checkrestart program from debian-goodies (both latest 0.33 and
stable 0.27) allows arbitrary command execution with root privileges.
Example:
$ cp /bin/sleep ; OWNED
$ ./; OWNED 1000
$ rm ; OWNED
$ sudo
2 matches
Mail list logo