FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ChiTeX/ChiLaTeX unsafe set-user-id root

Affected packages
0 < zh-chitex

Details

VuXML ID 49ad1bf8-5d7e-11d8-80e3-0020ed76ef5a
Discovery 2003-04-25
Entry 2004-02-12

Niels Heinen reports that ChiTeX installs set-user-id root executables that invoked system(3) without setting up the environment, trivially allowing local root compromise.

References

URL https://docs.freebsd.org/cgi/mid.cgi?200303251301.h2PD1m9Y053389

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.