Package: sshm
Version: 0.4-1
Severity: important
Tags: security

Action::random() calls rand() to create a temporary filename in /tmp, which can be guessed. The best part is that it doesn't even call srand(), so the config filename is *always* /tmp/sshm.PKdhtX !

I suggest mkstemp() instead.

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (50, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.20.1
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages sshm depends on:
ii  libc6            2.3.6.ds1-13   GNU C Library: Shared libraries
ii  libgcc1          1:4.1.1-21     GCC support library
ii  libstdc++6       4.1.1-21       The GNU Standard C++ Library v3
ii  openssh-client   1:4.3p2-8      Secure shell client, an rlogin/rsh

sshm recommends no packages.

-- no debconf information
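The two behaviours the report contrasts, as an added example that is not part of the original report and is not sshm's source: rand_based_name() is a hypothetical stand-in for a rand()-based generator (its alphabet and the function names are assumptions), predicted_name() shows that srand(1) reproduces the unseeded sequence, and private_temp() is the mkstemp() replacement.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* expose mkstemp() under strict -std= modes */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

static const char ALPHABET[] =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";

/* Hypothetical stand-in (assumption): six rand()-chosen letters after
 * "/tmp/sshm.". No srand() is called, as in the reported behaviour. */
void rand_based_name(char *out, size_t len)
{
    char suffix[7];
    for (int i = 0; i < 6; i++)
        suffix[i] = ALPHABET[rand() % (int)(sizeof(ALPHABET) - 1)];
    suffix[6] = '\0';
    snprintf(out, len, "/tmp/sshm.%s", suffix);
}

/* The C standard defines an unseeded rand() as equivalent to srand(1),
 * so any other process can recompute the first name the generator yields. */
void predicted_name(char *out, size_t len)
{
    srand(1);
    rand_based_name(out, len);
}

/* Suggested fix: mkstemp() picks the name itself and creates the file
 * atomically (O_CREAT|O_EXCL), readable and writable by the owner only.
 * Returns an open fd, or -1 on error; path receives the chosen name. */
int private_temp(char *path, size_t len)
{
    snprintf(path, len, "/tmp/sshm.XXXXXX");
    return mkstemp(path);
}

int main(void)
{
    char used[32], guess[32], safe[32];
    rand_based_name(used, sizeof used);   /* first call, never seeded */
    predicted_name(guess, sizeof guess);
    printf("rand() name: %s\npredicted:   %s\n", used, guess);
    int fd = private_temp(safe, sizeof safe);
    if (fd < 0) { perror("mkstemp"); return 1; }
    printf("mkstemp():   %s\n", safe);
    close(fd);
    return unlink(safe) == 0 ? 0 : 1;
}
```

Write through the descriptor mkstemp() returns rather than reopening the path by name, and unlink the file when done.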

