oss-sec mailing list archives
CVE request: oping allows the disclosure of arbitrary file contents
From: Steve Kemp <steve () steve org uk>
Date: Mon, 28 Sep 2009 13:45:10 +0100
oping is setuid root application and one of the command line arguments allows
a configuration file to be specified. This file is read and *reported*
to the console - Unless the file is lucky enough to look like a list
of hostnames.
Brief details here:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=548684
Steve
--
Current thread:
- CVE request: oping allows the disclosure of arbitrary file contents Steve Kemp (Sep 28)
