Re: [SECURITY] [DSA 522-1] New super packages fix format string vulnerability

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 522-1] New super packages fix format string vulnerability
From: Bernhard Kuemel <bernhard@bksys.at>
Date: Sat, 19 Jun 2004 11:46:37 +0200
Message-id: <[🔎] 40D40B7D.3020905@bksys.at>
In-reply-to: <20040619084004.GA8741@alcor.net>
References: <20040619084004.GA8741@alcor.net>

Hi Matt!

Matt Zimmerman wrote:

Package        : super
Vulnerability  : format string
Problem-Type   : remote

Max Vozeler discovered a format string vulnerability in super, a
program to allow specified users to execute commands with root
privileges.  This vulnerability could potentially be exploited by a
local user to execute arbitrary code with root privileges.


Why is the problem remote, when it can be exploited by a local user?

Bernhard

--
Webspace; Low end Serverhousing ab 15 e, etc.: http://www.bksys.at
Linux Admin/Programmierer: http://bksys.at/bernhard/services.html

Reply to:

Follow-Ups:
- Re: [SECURITY] [DSA 522-1] New super packages fix format string vulnerability
  - From: Matt Zimmerman <mdz@debian.org>

Prev by Date: Ticket creation failed
Next by Date: Re: password managers
Previous by thread: Ticket creation failed
Next by thread: Re: [SECURITY] [DSA 522-1] New super packages fix format string vulnerability
Index(es):
- Date
- Thread