2005-01-29 05:00:00
mitre
PUBLISHED
zhcon before 0.2 does not drop privileges before reading a user configuration file, which allows local users to read arbitrary files.