due to a fault in expect (the interpreter that runs the mkpasswd script) it is trivially easy to cause arbitrary commands to be executed by someone else. (under RH7.0 anyway) the search path for libs for it includes /var/tmp/ check out http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=28224 for details, and http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=22187 for an exploit. (Although the 1st is marked as a duplicate of the 2nd, as one of the notes mentions they cover completely different areas. Also note that the severity ratings of both of them are blank? Fjeer) --zen-parse ********************* **more to come soon** ********************* Fix is kinda available. Sign up for your FREE E-MAIL account @ Dynamitemail: http://www.dynamitemail.com
