Package: mozilla-venkman
Version: 0.9.87.2-1
Severity: critical
Tags: security
Justification: root security hole

Hi,

mozilla-venkman.preinst contains:

#! /bin/sh
find . -maxdepth 1 -mindepth 1 > /tmp/findddddddddddd

Just do an "ln -s /etc/shadow /bin/findddddddddddd" as any user before
installing the package, and watch the fireworks.

Btw. why the heck does the preinst script need to dump the contents of
the root directory to a file that is never used?

Gabor
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (990, 'unstable'), (500, 'testing'), (500, 'stable'), (101, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.22.6 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages mozilla-venkman depends on:
ii iceweasel 2.0.0.11-1 lightweight web browser based on M
mozilla-venkman recommends no packages.
-- no debconf information
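
Added example (not part of the original report and not the package's own code): the fixed-name redirect from the preinst beside an mktemp-based form, each run against a symlink planted in a private sandbox directory. The function names, the sandbox layout, the "victim" file and the preinst.XXXXXXXXXX template are assumptions made for the demonstration.

```shell
#!/bin/sh
# Constructed demonstration: every path lives in a throwaway sandbox directory.

# Pattern from the report: redirect into a fixed, predictable name in a shared
# directory. The shell opens the path with O_CREAT|O_TRUNC and follows
# symlinks, so whoever created that name first decides what gets truncated.
write_fixed_name() {    # $1 = shared directory, $2 = directory to list
    find "$2" -maxdepth 1 -mindepth 1 > "$1/findddddddddddd"
}

# Hardened pattern: mktemp creates the file itself (O_EXCL, mode 0600) under an
# unpredictable name, so a pre-planted link cannot be the file that is opened.
# If the output is never read, dropping the redirect entirely is better still.
write_mktemp() {        # $1 = shared directory, $2 = directory to list
    out=$(mktemp "$1/preinst.XXXXXXXXXX") || return 1
    find "$2" -maxdepth 1 -mindepth 1 > "$out"
    rm -f "$out"
}

# Build the sandbox, plant the symlink, run one variant, and report whether
# the file behind the symlink kept its contents ("intact") or not ("clobbered").
demo() {                # $1 = unsafe | safe
    sandbox=$(mktemp -d) || return 1
    mkdir "$sandbox/shared" "$sandbox/listing"
    : > "$sandbox/listing/a"
    printf 'sensitive\n' > "$sandbox/victim"      # stands in for a protected file
    ln -s "$sandbox/victim" "$sandbox/shared/findddddddddddd"
    case $1 in
        unsafe) write_fixed_name "$sandbox/shared" "$sandbox/listing" ;;
        safe)   write_mktemp     "$sandbox/shared" "$sandbox/listing" ;;
    esac
    if [ "$(cat "$sandbox/victim")" = "sensitive" ]; then
        result=intact
    else
        result=clobbered
    fi
    rm -rf "$sandbox"
    echo "$result"
}

echo "fixed name in shared dir: $(demo unsafe)"
echo "mktemp-created file:      $(demo safe)"
```

Reviewing maintainer scripts for this class of bug comes down to searching them for redirects or writes to literal paths under /tmp or /var/tmp.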