leksbot -- improper setuid-root execution

2003-05-06T00:00:00
ID DSA-299
Type debian
Reporter Debian
Modified 2003-05-06T00:00:00

Description

Maurice Massar discovered that, due to a packaging error, the program /usr/bin/KATAXWR was inadvertently installed setuid root. This program was not designed to run setuid, and contained multiple vulnerabilities which could be exploited to gain root privileges.

For the stable distribution (woody) this problem has been fixed in version 1.2-3.1.

The old stable distribution (potato) does not contain a leksbot package.

For the unstable distribution (sid) this problem has been fixed in version 1.2-5.

We recommend that you update your leksbot package.