Package: aiccu Version: 20070115-3~bpo.2+b1 Severity: grave Tags: security Justification: user security hole
I know, this is an unsupported backport. Anyways .. The file /etc/aiccu.conf containing login and password is world readable. The security problem is obvious. Sebastian -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-5-686 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages aiccu depends on: ii debconf 1.5.11 Debian configuration management sy ii iproute 20061002-3 Professional tools to control the ii iputils-ping 3:20020927-6 Tools to test the reachability of ii iputils-tracepath 3:20020927-6 Tools to trace the network path to ii libc6 2.3.6.ds1-13etch2 GNU C Library: Shared libraries ii libgnutls13 1.4.4-3 the GNU TLS library - runtime libr ii lsb-base 3.1-23.2etch1 Linux Standard Base 3.1 init scrip Versions of packages aiccu recommends: ii ntpdate 1:4.2.2.p4+dfsg-2 client for setting system time fro -- debconf-show failed -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]