[17013] in bugtraq
Re: Very probable remote root vulnerability in cfengine
daemon@ATHENA.MIT.EDU (Ben Collins)
Tue Oct 3 01:37:46 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Message-ID: <20001002171440.A8605@visi.net>
Date: Mon, 2 Oct 2000 17:14:40 -0400
Reply-To: Ben Collins <bcollins@DEBIAN.ORG>
From: Ben Collins <bcollins@DEBIAN.ORG>
X-To: Pekka Savola <pekkas@NETCORE.FI>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.4.21.0010020937520.14048-200000@netcore.fi>; from
pekkas@NETCORE.FI on Mon, Oct 02, 2000 at 09:56:30AM +0300
>
> 1.5.x and 1.6.0a10 were tested on Red Hat Linux; however, this is not
> part of Red Hat Linux or Powertools. Debian, at least, includes cfengine
> as a package.
>
FYI, cfd is not started by default on Debian installs, so unless the admin
enables the cfd daemon, there is no concern. However, I have compiled and
uploaded fixed packages (powerpc, sparc and i386 so far) to
porposed-updates and unstable. Expect an announcement from the security
team soon.
Ben
--
-----------=======-=-======-=========-----------=====------------=-=------
/ Ben Collins -- ...on that fantastic voyage... -- Debian GNU/Linux \
` bcollins@debian.org -- bcollins@openldap.org -- bcollins@linux.com '
`---=========------=======-------------=-=-----=-===-======-------=--=---'
