Bugtraq mailing list archives
Re: security limitation for RSAAuthentication with StrictModes
From: coxa () cableol net (Alan Cox)
Date: Mon, 12 Aug 1996 09:47:55 +0100
mhpower () MIT EDU wrote:
Debian Linux, including version 1.1, and specifically including versions 1.1.0-13 and 1.1.0-14 of the "base" package. Check /etc/passwd for: nobody:*:65534:65534:nobody:/tmp:/bin/sh SunOS versions outside of the Solaris 2.x series, including SunOS 4.1.4. Check /etc/passwd for: uucp:*:4:8::/var/spool/uucppublic:
These should also be fixed because there are other tools that don't check ownership and rules (like fingerd). True ssh should have yelled about the problem and refused to log you in, also true nobody should have shipped such an elementary mistake Alan
Current thread:
- Re: security limitation for RSAAuthentication with StrictModes mhpower () MIT EDU (Aug 09)
- <Possible follow-ups>
- Re: security limitation for RSAAuthentication with StrictModes Alan Cox (Aug 12)