oss-sec mailing list archives

CVE request: oping allows the disclosure of arbitrary file contents


From: Steve Kemp <steve () steve org uk>
Date: Mon, 28 Sep 2009 13:45:10 +0100

  oping is setuid root application and one of the command line arguments allows
 a configuration file to be specified.  This file is read and *reported*
 to the console - Unless the file is lucky enough to look like a list
 of hostnames.

  Brief details here:

        http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=548684

Steve
--


Current thread: