Package: general
Version: 20020215
Severity: grave
Hi,
the package bookmarker in woody contains a security hole.
the file /usr/lib/bookmarker/lib/bklocal.inc is world readable and it
contains the username and password to the mysql database.
i suggest:
# chgrp www-data /usr/lib/bookmarker/lib/bklocal.inc
# chmod 640 /usr/lib/bookmarker/lib/bklocal.inc
and also a section in the apache config file which prevents access
through the web server.
-timo
-- System Information
Debian Release: 3.0
Kernel Version: Linux timo 2.4.17 #12 Mon Jan 21 11:18:47 CET 2002 i686 unknown
-timo
--
gpg key fingerprint = 6832 C8EC D823 4059 0CD1 6FBF 9383 7DBD 109E 98DC
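
An added example, not part of the original report: a small POSIX shell audit that flags a world-readable credentials include and applies the group-read, no-other mode suggested above. The function names are hypothetical, and the group is a parameter (www-data in the report).

```shell
#!/bin/sh
# Added example (not from the report). Function names are hypothetical.

# Exit 0 if FILE is a regular file that "other" can read (mode bit 004).
is_world_readable() {
    [ -n "$(find "$1" -prune -type f -perm -004 2>/dev/null)" ]
}

# Print every file under DIR matching PATTERN (default *.inc) that is
# world readable, so other include files with credentials are caught too.
list_world_readable() {
    find "$1" -type f -name "${2:-*.inc}" -perm -004 -print
}

# Apply the fix suggested in the report: group ownership to GROUP, mode 640.
# Symlinks and non-regular files are refused so the change cannot be
# redirected to another path.
harden_secret() {
    file=$1
    group=$2
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "refusing to change non-regular file: $file" >&2
        return 2
    fi
    chgrp "$group" "$file" && chmod 640 "$file"
}

# Usage: script FILE [GROUP]; GROUP defaults to www-data as in the report.
if [ "$#" -ge 1 ]; then
    if is_world_readable "$1"; then
        echo "world readable: $1" >&2
        harden_secret "$1" "${2:-www-data}"
    else
        echo "ok: $1"
    fi
fi
```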