Security Information / 1998 / Security Information -- fte-console

Debian Security Advisory

fte-console -- does not drop its root privileges

Date Reported:

07 Dec 1998

Affected Packages:

fte

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-1999-1276.

More information:

We have found that the fte package as supplied in our slink (frozen) and potato (unstable) archives does not drop its root privileges after initializing the virtual console device. This allows all users to read and write files with root privileges, and execute all programs as root.

A new package (version 0.46b-4.1) has been uploaded to fix this problem.

We recommend that you upgrade your fte package immediately.

Fixed in:

all archs - (in release 2.0) N/A all archs - (in release 2.1) fte-0.46b5-4.1 all archs - (in release 2.1) fte-console-0.46b5-4.1