Bugtraq mailing list archives

Debian (frozen): Perms on /usr/lib/libguile.so.6.0.0

From: fifield () GHOST NSLUG NS CA (Jamie Fifield)
Date: Sat, 5 Feb 2000 22:00:24 -0400


wraith:~$ ls -l /usr/lib/libguile.so.6.0.0
-rwxrwxrwx  1 root   root    469196 Nov 20 17:55 /usr/lib/libguile.so.6.0.0

First reported some 57 days ago by Ethan Benson (bug ID #52415) and still
hasn't been fixed in the distribution.  Frozen-Potato testers out there should
be aware and chmod the file to 644.  This file reportedly occurs on a fresh
potato install, and occured on my slink->potato upgraded install.

AFAIK, libguile is used by gnucash in Debian, which can be used to handle
sensitive financial information.

My appologies if this is already widely known outside of Debian, it was news
to me when I came across the filed bug report.

--
Jamie Fifield
<fifield () chebucto ns ca>

Current thread:

RFP2K01 - "How I hacked Packetstorm" (wwwthreads advisory) rain forest puppy (Feb 03)
- Re: RFP2K01 - "How I hacked Packetstorm" (wwwthreads advisory) Jaanus Kase (Feb 04)
  - Re: RFP2K01 - "How I hacked Packetstorm" (wwwthreads advisory) Aaron Ross (Feb 08)
  - Re: RFP2K01 - "How I hacked Packetstorm" (wwwthreads advisory) Jeremy Whittington (Feb 08)
- Re: RFP2K01 - "How I hacked Packetstorm" (wwwthreads advisory) Barclay Osborn (Feb 04)
- Re: RFP2K01 - "How I hacked Packetstorm" (wwwthreads advisory) van der Meulen, Robert (Feb 05)
  - DBI bind values [was Re: RFP2K01 - "How I hacked Packetstorm" (wwwthreads advisory)] Kelly.Setzer () INGRAMENTERTAINMENT COM (Feb 07)
- Debian (frozen): Perms on /usr/lib/libguile.so.6.0.0 Jamie Fifield (Feb 05)
  - Re: Debian (frozen): Perms on /usr/lib/libguile.so.6.0.0 Torsten Landschoff (Feb 08)
- <Possible follow-ups>
- Re: RFP2K01 - "How I hacked Packetstorm" (wwwthreads advisory) rain forest puppy (Feb 08)
- Re: RFP2K01 - "How I hacked Packetstorm" (wwwthreads advisory) Smith, Eric V. (Feb 09)
  - Re: RFP2K01 - "How I hacked Packetstorm" (wwwthreads advisory) W. Craig Trader (Feb 09)
  - FireWall-1 FTP Server Vulnerability John McDonald (Feb 09)
  - ASP Security Hole (fwd) bgreenbaum () SECURITYFOCUS COM (Feb 09)
    - Re: ASP Security Hole (fwd) Rob Systhine (Feb 10)
  - Multiple firewalls: FTP Application Level Gateway "PASV" Vulnerability Mikael Olsson (Feb 10)
  - NT Service Pack requirements (Bell Atlantic DSL) Bob Kline (Feb 10)
    - Re: NT Service Pack requirements (Bell Atlantic DSL) Jonathan M. Bresler (Feb 11)