2005-01-29 10:00:00
mitre
PUBLISHED
zhcon before 0.2 does not drop privileges before reading a user configuration file, which allows local users to read arbitrary files.