zhcon Arbitrary File Disclosure

2005-01-25T09:42:31
ID OSVDB:13159
Type osvdb
Reporter Erik Sjölund
Modified 2005-01-25T09:42:31

Description

Vulnerability Description

zhcon contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when zhcon accesses a user-supplied configuration file with escalated privileges, which discloses the contents of arbitrary files and results in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): remove the setuid bit from zhcon.
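The flaw class described above, shown as an added C illustration (not zhcon's code and not part of the original advisory): a setuid program opening a user-named file with its elevated effective UID, next to a form that performs the open with the invoker's real IDs. The function names are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Flawed pattern: in a setuid binary this open() runs with the file
 * owner's effective UID, so any path the invoker names is readable. */
int open_config_privileged(const char *path)
{
    return open(path, O_RDONLY | O_CLOEXEC);
}

/* Hardened pattern: switch the effective IDs to the invoker's real IDs
 * for the duration of the open(), so the kernel applies the invoker's
 * own file permissions. Returns an fd, or -1 with errno set. */
int open_config_as_invoker(const char *path)
{
    uid_t saved_euid = geteuid();
    gid_t saved_egid = getegid();
    int fd, saved_errno;

    /* Group first: once the effective UID is unprivileged, changing
     * the effective GID may no longer be permitted. Fail closed. */
    if (setegid(getgid()) != 0 || seteuid(getuid()) != 0)
        abort();

    fd = open(path, O_RDONLY | O_CLOEXEC);
    saved_errno = errno;

    /* Regain the saved IDs (user first); never continue half-switched. */
    if (seteuid(saved_euid) != 0 || setegid(saved_egid) != 0)
        abort();
    errno = saved_errno;
    return fd;
}

int main(int argc, char **argv)
{
    if (argc != 2) return 2;
    int fd = open_config_as_invoker(argv[1]);
    if (fd < 0) { perror(argv[1]); return 1; }
    puts("opened with the invoker's rights");
    close(fd);
    return 0;
}
```

With the setuid bit removed, as the workaround advises, the real and effective IDs are identical and both functions behave the same.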


References:

Security Tracker: 1012977
Secunia Advisory ID: 13982
Secunia Advisory ID: 13987
Secunia Advisory ID: 13977
Other Advisory URL: http://www.debian.org/security/2005/dsa-655
Other Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:012
CVE-2005-0072