Re: CVE request: oping allows the disclosure of arbitrary file contents

[Josh Bressers <bressers () redhat com>]

----- "Steve Kemp" <steve () steve org uk> wrote:

> oping is setuid root application and one of the command line arguments
> allows
>  a configuration file to be specified.  This file is read and
> *reported*
>  to the console - Unless the file is lucky enough to look like a list
>  of hostnames.
>
>   Brief details here:
>
>         http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=548684

I've not found a CVE id for this anywhere, so here goes:

CVE-2009-3614 oping arbitrary local file disclosure

Thanks.

-- 
    JB