Bug#2299: serious security hole, chmod 755 /usr/bin/resizecons
Package: kbd
Version: 0.90-3
A user on my system has demonstrated to me how to get root access
using /usr/bin/resizecons. As an immediate fix, all Debian admins
should do the following, as root:
# cd /usr/bin
# ls -l resizecons
-rwsr-xr-x 1 root root 12292 Jun 22 1995 resizecons*
# chmod 755 resizecons
# ls -l resizecons
-rwxr-xr-x 1 root root 12292 Jun 22 1995 resizecons*
#
I look forward to an emergency update of the kbd package.
Ian.
PS: Please preserve only one of debian-user or debian-bugs on the CC
line, and if you preserve debian-bugs please keep the Subject line
too.
Reply to: