Package: apache
Version: 1.3.29.0.1-3
Severity: normal

The Apache init script does not set the PATH variable to something sane like most other init scripts do. That way the PATH from the root user who started apache manually can leak into CGI scripts.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.21
Locale: LANG=C, LC_CTYPE=de_DE

Versions of packages apache depends on:
ii  apache-common   1.3.29.0.1-3   Support files for all Apache webse
ii  debconf         1.4.8          Debian configuration management sy
ii  dpkg            1.10.18        Package maintenance system for Deb
ii  libc6           2.3.2.ds1-11   GNU C Library: Shared libraries an
ii  libdb4.1        4.1.25-16      Berkeley v4.1 Database Libraries [
ii  libexpat1       1.95.6-6       XML parsing C library - runtime li
ii  libmagic1       4.07-2         File type determination library us
ii  libpam0g        0.76-15        Pluggable Authentication Modules l
ii  logrotate       3.6.5-2        Log rotation utility
ii  mime-support    3.24-1         MIME files 'mime.types' & 'mailcap
ii  perl [perl5]    5.8.3-1        Larry Wall's Practical Extraction

-- debconf information excluded
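
An added example, not part of the original report or of the Debian package: a small shell audit that lists init scripts which never assign PATH themselves, and so start their daemon with whatever PATH the invoking shell had. The function names, the two sample scripts and the PATH value in them are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag init scripts that never assign PATH themselves.

# Return 0 if the script assigns PATH on an uncommented line.
sets_path() {
    grep -Eq '^[[:space:]]*(export[[:space:]]+)?PATH=' "$1"
}

# Print the names of the scripts in directory $1 that do not set PATH.
audit_init_dir() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        sets_path "$f" || basename "$f"
    done
}

# Build two constructed sample init scripts in a scratch directory,
# audit that directory, then clean up.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/apache-unsafe" <<'EOF'
#!/bin/sh
# PATH=/usr/sbin:/usr/bin   (commented out, so it does not count)
DAEMON=/usr/sbin/apache
case "$1" in start) $DAEMON ;; esac
EOF
    cat > "$d/apache-fixed" <<'EOF'
#!/bin/sh
# Constructed value: a fixed PATH that does not depend on the caller.
PATH=/usr/sbin:/usr/bin:/sbin:/bin
export PATH
DAEMON=/usr/sbin/apache
case "$1" in start) $DAEMON ;; esac
EOF
    audit_init_dir "$d"
    rm -rf "$d"
}

demo
```

The check is a line-based heuristic: a script that gets its PATH from a file it sources is still listed and needs a manual look.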