Package name
expect
Date
2001-11-21
Advisory ID
MDKSA-2001:087
Affected versions
8.1 i586

Problem description

A packaging problem that can lead to a root compromise existed in the expect package as provided in Mandrake Linux 8.1. expect would look for libraries in the directory /home/snailtalk/tmp/tcltk-root/usr/lib before any other and if such a user existed on the system, with rogue libraries, if root were to execute expect, a compromise could occur.

Updated packages

8.1 i586

 ae0c68032ee45c214fb7335ebb4dcd0d  8.1/RPMS/expect-8.3.3-9.1mdk.i586.rpm
9a9f9a5ca12504bbc45bff29a1029540  8.1/SRPMS/tcltk-8.3.3-9.1mdk.src.rpm