Debian Security Advisory
fte-console -- does not drop its root privileges
- Date Reported:
- 07 Dec 1998
- Affected Packages:
- fte
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-1999-1276.
- More information:
-
We have found that the fte package as supplied in our slink (frozen) and potato (unstable) archives does not drop its root privileges after initializing the virtual console device. This allows all users to read and write files with root privileges, and execute all programs as root.
A new package (version 0.46b-4.1) has been uploaded to fix this problem.
We recommend that you upgrade your fte package immediately.
- Fixed in:
- all archs - (in release 2.0) N/A all archs - (in release 2.1) fte-0.46b5-4.1 all archs - (in release 2.1) fte-console-0.46b5-4.1