CVE-2005-0072 - Sciaenid Echelon

Description

zhcon before 0.2 does not drop privileges before reading a user configuration file which allows local users to read arbitrary files.

Reference

http://www.debian.org/security/2005/dsa-655 http://www.securityfocus.com/bid/12343 http://securitytracker.com/id?1012977 http://secunia.com/advisories/13977 http://secunia.com/advisories/13982 http://secunia.com/advisories/13987 http://www.mandriva.com/security/advisories?name=MDKSA-2005:012 https://exchange.xforce.ibmcloud.com/vulnerabilities/19045