lv -- privilege escalation

2003-05-15T00:00:00
ID DSA-304
Type debian
Reporter Debian
Modified 2003-05-15T00:00:00

Description

Leonard Stiles discovered that lv, a multilingual file viewer, would read options from a configuration file in the current directory. Because such a file could be placed there by a malicious user, and lv configuration options can be used to execute commands, this represented a security vulnerability. An attacker could gain the privileges of the user invoking lv, including root.

For the stable distribution (woody) this problem has been fixed in version 4.49.4-7woody2.

For the old stable distribution (potato) this problem has been fixed in version 4.49.3-4potato2.

For the unstable distribution (sid) this problem is fixed in version 4.49.5-2.

We recommend that you update your lv package.