|
Family: Debian Local Security Checks --> Category: infos
[DSA430] DSA-430-1 trr19 Vulnerability Scan
Vulnerability Scan Summary DSA-430-1 trr19
Detailed Explanation for this Vulnerability Test
Steve Kemp discovered a problem in trr19, a type trainer application
for GNU Emacs, which is written as a pair of setgid() binaries and
wrapper programs which execute commands for GNU Emacs. However, the
binaries don't drop rights before executing a command, allowing an
attacker to gain access to the local group games.
For the stable distribution (woody) this problem has been fixed in
version 1.0beta5-15woody1. The mipsel binary will be added later.
For the unstable distribution (sid) this problem will be fixed soon.
We recommend that you upgrade your trr19 package.
Solution : http://www.debian.org/security/2004/dsa-430
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|