Package: general
Version: 20020215
Severity: grave

Hi,

the package bookmarker in woody contains a security hole. The file /usr/lib/bookmarker/lib/bklocal.inc is world readable and it contains the username and password to the mysql database.

I suggest:

  # chgrp www-data /usr/lib/bookmarker/lib/bklocal.inc
  # chmod 640 /usr/lib/bookmarker/lib/bklocal.inc

and also a section in the apache config file which prevents access through the web server.

-timo

-- System Information
Debian Release: 3.0
Kernel Version: Linux timo 2.4.17 #12 Mon Jan 21 11:18:47 CET 2002 i686 unknown

-timo
--
gpg key fingerprint = 6832 C8EC D823 4059 0CD1 6FBF 9383 7DBD 109E 98DC
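The permission check and fix suggested in the report, as an added example that is not part of the original message or of the bookmarker package. The function names are hypothetical; the directory and group in the usage comment are the ones named in the report.

```shell
#!/bin/sh
# Added example: find credential-bearing files that "other" can read
# and restrict them to owner rw / group r, as the report suggests.

# Print every regular file under directory $1 with the other-read bit (004).
world_readable() {
    find "$1" -type f -perm -004 -print
}

# Return 0 only if path $1 grants no read/write/execute bit to "other".
is_private() {
    [ -z "$(find "$1" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]
}

# Give group ownership of file $1 to group $2, then set mode 640.
# chgrp runs first so the file is never group-readable by the old group only.
lock_down() {
    chgrp "$2" "$1" && chmod 640 "$1"
}

# Usage when run directly (needs sufficient privileges for chgrp):
#   ./audit.sh /usr/lib/bookmarker/lib www-data
if [ "$#" -eq 2 ]; then
    world_readable "$1" | while IFS= read -r f; do
        if lock_down "$f" "$2" && is_private "$f"; then
            echo "tightened: $f"
        else
            echo "FAILED:    $f" >&2
        fi
    done
fi
```

Mode 640 only keeps local users out; the web server still reads the file, so the web-server access restriction the report asks for is a separate control.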