Bug#904200: RM: acccheck -- ROM; Insecure, unmaintained, better alternatives

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#904200: RM: acccheck -- ROM; Insecure, unmaintained, better alternatives
From: Raphaël Hertzog <hertzog@debian.org>
Date: Sat, 21 Jul 2018 15:02:23 +0200
Message-id: <[🔎] 153217814394.5015.13389492670949277381.reportbug@x260-buxy.home.ouaza.com>
Reply-to: Raphaël Hertzog <hertzog@debian.org>, 904200@bugs.debian.org

Package: ftp.debian.org
Severity: normal

Please remove the acccheck package. It is affected by multiple security
vulnerabilities that are unlikely to be fixed by upstream as this was a
script written and shared a long time ago, upstream is not actively
maintaining it.

The feature set of this package is also redundant with other better tools:
metasploit, hydra, medusa, ncrack and patator

FWIW the package has been dropped from Debian Testing due to #901572
and Kali followed suite, it has been dropped from their meta-package too.

Thank you in advance.

PS: I first tried to patch the security vulnerability but when I looked at
the code more closely, it's literaly riddled with shell injection
vulnerabilities and it would be time-consuming to fix them all.

PS: I'm requesting this as a member of the pkg-security packaging team
even though I'm not listed in Uploaders of the package. I have put Marcos
Fouces in copy of the bug.

Reply to:

Prev by Date: Re: Removal request of ~broken~ repositories
Next by Date: Re: ccrypt 1.10-7
Previous by thread: Re: Removal request of ~broken~ repositories
Next by thread: Salsa template
Index(es):
- Date
- Thread