subject:"Bug#475733\: closed by \?\?\?\?\?\?\?\? \?\?\?\?\?\?\?\?\?\?\?\?\?\?\?\? \(Ahmed El\-Mahmoudy\) \[EMAIL PROTECTED\] \(Bug#475733\: fixed in acon 1.0.5\-6\)"

Bug#475733: closed by ???????? ???????????????? (Ahmed El-Mahmoudy) [EMAIL PROTECTED] (Bug#475733: fixed in acon 1.0.5-6)

2008-04-13 Thread Helmut Grohne

found 475733 1.0.5-6 thanks * Dropped 05_setuid.diff as it can cause a root exploit. (Closes: #475733) This is not enough, because it still has seved set userid and is exploitable: The package has a setuid binary acon. The binary never drops setuid. The source code contains the following

Processed: Re: Bug#475733 closed by ???????? ???????????????? (Ahmed El-Mahmoudy) [EMAIL PROTECTED] (Bug#475733: fixed in acon 1.0.5-6)

2008-04-13 Thread Debian Bug Tracking System

Processing commands for [EMAIL PROTECTED]: found 475733 1.0.5-6 Bug#475733: acon: local root exploit Bug marked as found in version 1.0.5-6 and reopened. thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian

Bug#475733: closed by ???????? ???????????????? (Ahmed El-Mahmoudy) [EMAIL PROTECTED] (Bug#475733: fixed in acon 1.0.5-6)

2008-04-13 Thread Nico Golde

reopen 475733 thanks Hi, * Helmut Grohne [EMAIL PROTECTED] [2008-04-13 16:36]: * Dropped 05_setuid.diff as it can cause a root exploit. (Closes: #475733) This is not enough, because it still has seved set userid and is exploitable: [...] As stated before the code only changes the