'[oss-security] CVE request: oping allows the disclosure of arbitrary file contents'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE request: oping allows the disclosure of arbitrary file contents
From:       Steve Kemp <steve () steve ! org ! uk>
Date:       2009-09-28 12:45:10
Message-ID: 20090928124510.GA17893 () steve ! org ! uk
[Download RAW message or body]

  oping is setuid root application and one of the command line arguments allows
 a configuration file to be specified.  This file is read and *reported*
 to the console - Unless the file is lucky enough to look like a list
 of hostnames.

  Brief details here:

        http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=548684

Steve
--
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic