FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ChiTeX/ChiLaTeX unsafe set-user-id root

Affected packages
0 < zh-chitex

Details

VuXML ID 49ad1bf8-5d7e-11d8-80e3-0020ed76ef5a
Discovery 2003-04-25
Entry 2004-02-12

Niels Heinen reports that ChiTeX installs set-user-id root executables that invoked system(3) without setting up the environment, trivially allowing local root compromise.

References

URL http://cvsweb.freebsd.org/ports/chinese/chitex/Attic/Makefile?rev=1.5&content-type=text/x-cvsweb-markup