Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Linux :: Apps N-Z :: lnx4904.htm

wmtv root compromise
6th Dec 2001 [SBWID-4904]



	wmtv version 0.6.5


	As reported in  Debian  Security  Advisory  DSA-092-1,  Nicolas  Boullis
	found a nasty security problem in the wmtv (a  dockable  video4linux  tv
	player for windowmaker) package as distributed in Debian GNU/Linux 2.2.

	wmtv can optionally run a command if you double-click on the tv  window.
	This command can be specified using the -e command-line option.  However
	since wmtv is installed suid root this command was  also  run  as  root,
	which gives local users a very simple way to get root access.



	Under Debian, this has been fixed in version 0.6.5-2potato1.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH