[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: numerous free/paid account systems are vulnerable to privledgeselevation attacks
[ The following text is in the "ISO-8859-2" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
On Sat, 11 Nov 2000, Michal Zalewski wrote:
> On Sat, 11 Nov 2000, Alexander Schreiber wrote:
>
> > Debian 2.2 (potato) default install checks for this:
>
> Mkey. During futher investigations I've found recent RH releases (6.2 and
> 7.0) seems to be not affected by this problem. But, as numerous systems
> are still based on older releases, and there were no security advisories
> on this silently fixed problem, shadow-utils might be still used in
> previous versions.
Short info about shadow package because few weeks ago maintainer was
changed:
- latest shadow package is 20001016,
- main ftp site for shadow is ftp://ftp.pld.org.pl/software/shadow/,
- cvs repository is on cvs.pld.org.pl:
:pserver:cvs@cvs.pld.org.pl:/cvsroot shadow module (with empty password)
- browseable cvsweb interface is on:
http://cvsweb.pld.org.pl/index.cgi/shadow/ or
http://cvs.pld.org.pl/shadow/
If anyone have some remarks to maintainer please mail me.
kloczek
--
-----------------------------------------------------------
*Ludzie nie mają problemów, tylko sobie sami je stwarzają*
-----------------------------------------------------------
Tomasz Kłoczko, sys adm @zie.pg.gda.pl|*e-mail: kloczek@rudy.mif.pg.gda.pl*
|
