Debian
debian-goodies package

[debian-goodies] [CVE-2007-3912] insufficient input sanitising

Bug #210128 reported by disabled.user on 2008-04-01

254

Affects		Status	Importance	Assigned to	Milestone
	debian-goodies (Debian)	Fix Released	Unknown	debbugs #440411
	debian-goodies (Ubuntu)	Fix Released	Undecided	Unassigned

Bug Description

Binary package hint: debian-goodies

References:
DSA-1527-1 (http://www.debian.org/security/2008/dsa-1527)

Quoting:
"Thomas de Grenier de Latour discovered that the checkrestart tool in the
debian-goodies suite of utilities, allowed local users to gain privileges
via shell metacharacters in the name of the executable file for a running
process."

CVE References

2007-3912

Revision history for this message

disabled.user (disabled.user-deactivatedaccount) wrote on 2008-04-01:

Argh, sorry, missed a cross-check... This has already been fixed in USN-526-1.

Changed in debian-goodies:
status:	New → Fix Released

Bug Watch Updater (bug-watch-updater) on 2008-04-28

Changed in debian-goodies:
status:	Unknown → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

debbugs #440411
[done grave security] Edit

Bug watches keep track of this bug in other bug trackers.

Debiandebian-goodies package