[email protected]
[Top] [All Lists]

Bug#475736: marked as forwarded (tss: local root exploit)

Subject: Bug#475736: marked as forwarded tss: local root exploit
From: Debian Bug Tracking System
Date: Sat, 12 Apr 2008 16:57:10 +0000
Your message dated Sat, 12 Apr 2008 18:53:02 +0200
with message-id <[email protected]>
has caused the   report #475736,
regarding tss: local root exploit
to be marked as having been forwarded to the upstream software
author(s) Kristian Gunstone <[email protected]>

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
475736: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475736
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Subject: Re: Bug#475736: tss: local root exploit
From: ØØÙØ ØÙÙØÙÙØÙ
Date: Sat, 12 Apr 2008 18:53:02 +0200
On Sat, Apr 12, 2008 at 05:52:17PM +0200, Helmut Grohne wrote:
> Package: tss
> Version: 0.8.1-3
> Severity: critical
> Tags: security
> Justification: root security hole
> 
> tss has a setuid binary. The source code is src/main.c:
> 
> sprintf(glob_string, "%s/.tss/*", getenv("HOME"));
> 
> (before dropping setuid, needless to say)
---end quoted text---

-- 
 ØØÙØ ØÙÙØÙÙØÙ (Ahmed El-Mahmoudy)
  Digital design engineer
  SySDSoft, Inc.
 GPG KeyID: 0x9DCA0B27 (@ subkeys.pgp.net)
 GPG Fingerprint: 087D 3767 8CAC 65B1 8F6C  156E D325 C3C8 9DCA 0B27


--- End Message ---
<Prev in Thread] Current Thread [Next in Thread>
  • Bug#475736: marked as forwarded (tss: local root exploit), Debian Bug Tracking System <=