| Name | TEMP-0517018-A83CE6 |
| Description | sysvinit: no-root option in expert installer exposes locally exploitable security flaw |
| Source | Automatically generated temporary name. Not for external reference. |
| Debian Bugs | 517018 |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| sysvinit (PTS) | bullseye | 2.96-7+deb11u1 | vulnerable |
| bookworm | 3.06-4 | vulnerable |
| sid, trixie | 3.11-1 | vulnerable |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| sysvinit | source | (unstable) | (unfixed) | unimportant | | 517018 |
Notes
hardly a security issue, if an attacker has local access to the machine and you
don't use encryption or something similar you have lost anyway
- this ^ philosophy is flawed; it should not be trivial to get root just because you
have local access to the machine. it is worth it to make it as difficult as
possible without impacting authorized users. otherwise, why spend so much effort
to make sure xscreensaver, gdm, and login are rock solid?
- i would like to track as low, rather than unimportant