Wilmer van der Gaast
2008-Aug-11 08:30 UTC
[Secure-testing-team] Bug#494656: bitlbee: Runs as root
Package: bitlbee
Version: 1.2.1-1
Severity: grave
Tags: security
Justification: user security hole

Since the fix to Mickey Mouse bug report 474589, BitlBee is running as root for most people, since the "User =" line is commented out by default.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.16.60-xen (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages bitlbee depends on:
ii  adduser                3.108     add and remove users and groups
ii  debconf [debconf-2.0]  1.5.22    Debian configuration management sy
ii  debianutils            2.30      Miscellaneous utilities specific t
ii  libc6                  2.7-10    GNU C Library: Shared libraries
ii  libevent1              1.3e-3    An asynchronous event notification
ii  libglib2.0-0           2.16.4-2  The GLib library of C routines
ii  libgnutls26            2.4.1-1   the GNU TLS library - runtime libr
ii  net-tools              1.60-19   The NET-3 networking toolkit

bitlbee recommends no packages.

bitlbee suggests no packages.

-- debconf-show failed
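
The condition reported above, as an added audit check that is not part of the original report or of the bitlbee package: it reads a config on stdin and tells whether an active "User =" line names a non-root account. It assumes '#' starts a comment and that the last active "User =" line wins; the function names and sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: does a BitlBee-style config set an effective "User ="?
# Assumptions: '#' begins a comment; the last active "User =" line wins.

# Print the value of the last uncommented "User =" line read from stdin.
# Prints nothing when the line is absent, commented out, or has no value.
effective_user() {
    sed -n 's/^[[:space:]]*User[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*$/\1/p' \
        | tail -n 1
}

# Return 0 if the config on stdin names a non-root account, 1 otherwise.
drops_privileges() {
    user=$(effective_user)
    case "$user" in
        ""|root) return 1 ;;   # unset, empty, or explicitly root
        *)       return 0 ;;
    esac
}

# Constructed sample configs (not copied from the package).
conf_commented='# Account to run as after startup
# User = bitlbee
'
conf_set='# Account to run as after startup
User = bitlbee
'
conf_empty='User =
'

# Report the verdict for each constructed sample.
for name in commented set empty; do
    eval "conf=\$conf_$name"
    if printf '%s' "$conf" | drops_privileges; then
        echo "$name: drops to $(printf '%s' "$conf" | effective_user)"
    else
        echo "$name: no effective User line, daemon keeps its starting uid"
    fi
done
```

To audit an installed system, feed the real configuration file to `drops_privileges` on stdin and compare the verdict with the uid of the running daemon as shown by `ps`.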