Re: [SECURITY] [DSA 522-1] New super packages fix format string vulnerability

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 522-1] New super packages fix format string vulnerability
From: Matt Zimmerman <mdz@debian.org>
Date: Sat, 19 Jun 2004 10:32:37 -0700
Message-id: <[🔎] 20040619173237.GD8741@alcor.net>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 40D40B7D.3020905@bksys.at>
References: <20040619084004.GA8741@alcor.net> <[🔎] 40D40B7D.3020905@bksys.at>

On Sat, Jun 19, 2004 at 11:46:37AM +0200, Bernhard Kuemel wrote:

> Matt Zimmerman wrote:
> 
> >Package        : super
> >Vulnerability  : format string
> >Problem-Type   : remote
> 
> >Max Vozeler discovered a format string vulnerability in super, a
> >program to allow specified users to execute commands with root
> >privileges.  This vulnerability could potentially be exploited by a
> >local user to execute arbitrary code with root privileges.
> 
> Why is the problem remote, when it can be exploited by a local user?

Late night.

-- 
 - mdz

Reply to:

References:
- Re: [SECURITY] [DSA 522-1] New super packages fix format string vulnerability
  - From: Bernhard Kuemel <bernhard@bksys.at>

Prev by Date: Re: password managers
Next by Date: 24th of June: Demonstration against software patents at the LinuxTag
Previous by thread: Re: [SECURITY] [DSA 522-1] New super packages fix format string vulnerability
Next by thread: 24th of June: Demonstration against software patents at the LinuxTag
Index(es):
- Date
- Thread