Info

Disclosure

Jan 25, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

zhcon contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when zhcon accesses a configuration file supplied by the user with escalated privileges occurs, which will disclose arbitrary files information resulting in a loss of confidentiality.

Classification

Location: Local Access Required
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Unknown

Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): remove the setuid bit from zhcon.

Products

zhcon

0.2.3

References

Security Tracker: 1012977
Secunia Advisory ID: 13977 13982 13987
CVE ID: 2005-0072 (see also: NVD)
Other Advisory URL: http://www.debian.org/security/2005/dsa-655
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:012

Credit

Erik Sjölund -

Direct URL: http://osvdb.org/36218