[Secure-testing-team] Bug#494656: bitlbee: Runs as root
Wilmer van der Gaast
wilmer at gaast.net
Mon Aug 11 08:30:47 UTC 2008
Package: bitlbee
Version: 1.2.1-1
Severity: grave
Tags: security
Justification: user security hole
Since the fix to Mickey Mouse bug report 474589, BitlBee is runing as root
for most people, since the "User =" line is commented out by default.
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (500, 'testing'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.16.60-xen (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash
Versions of packages bitlbee depends on:
ii adduser 3.108 add and remove users and groups
ii debconf [debconf-2.0] 1.5.22 Debian configuration management sy
ii debianutils 2.30 Miscellaneous utilities specific t
ii libc6 2.7-10 GNU C Library: Shared libraries
ii libevent1 1.3e-3 An asynchronous event notification
ii libglib2.0-0 2.16.4-2 The GLib library of C routines
ii libgnutls26 2.4.1-1 the GNU TLS library - runtime libr
ii net-tools 1.60-19 The NET-3 networking toolkit
bitlbee recommends no packages.
bitlbee suggests no packages.
-- debconf-show failed
More information about the Secure-testing-team
mailing list