TEMP-0517018-A83CE6

NameTEMP-0517018-A83CE6
Descriptionsysvinit: no-root option in expert installer exposes locally exploitable security flaw
SourceAutomatically generated temporary name. Not for external reference.
Debian Bugs517018

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
sysvinit (PTS)wheezy2.88dsf-41+deb7u1vulnerable
jessie2.88dsf-59vulnerable
stretch2.88dsf-59.9vulnerable
buster, sid2.88dsf-59.10vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
sysvinitsource(unstable)(unfixed)unimportant517018

Notes

hardly a security issue, if an attacker has local access to the machine and you
don't use encryption or something similar you have lost anyway
- this ^ philosophy is flawed; it should not be trivial to get root just because you
have local access to the machine. it is worth it to make it as difficult as
possible without impacting authorized users. otherwise, why spend so much effort
to make sure xscreensaver, gdm, and login are rock solid?
- i would like to track as low, rather than unimportant

Search for package or bug name: Reporting problems