Steve Kemp wrote:
> On Wed, Nov 09, 2005 at 04:42:08AM -0800, Charles Stevenson wrote:
>
> > Due to a bug in the environment variable substitution code it is
> > possible to inject environment variables such as LD_PRELOAD and gain a
> > root shell.
>
> Confirmed.
>
> Joey we'll need an ID for it.
Please use CVE-2005-3344 and inform vendor-sec.
Regards,
Joey
--
This is GNU/Linux Country. On a quiet night, you can hear Windows reboot.
Please always Cc to me when replying to me on the lists.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
