Bugtraq mailing list archives
Re: numerous free/paid account systems are vulnerable to privledgeselevation attacks
From: Tomasz Kłoczko <kloczek () RUDY MIF PG GDA PL>
Date: Sun, 12 Nov 2000 23:12:41 +0100
On Sat, 11 Nov 2000, Michal Zalewski wrote:
On Sat, 11 Nov 2000, Alexander Schreiber wrote:Debian 2.2 (potato) default install checks for this:Mkey. During futher investigations I've found recent RH releases (6.2 and 7.0) seems to be not affected by this problem. But, as numerous systems are still based on older releases, and there were no security advisories on this silently fixed problem, shadow-utils might be still used in previous versions.
Short info about shadow package because few weeks ago maintainer was changed: - latest shadow package is 20001016, - main ftp site for shadow is ftp://ftp.pld.org.pl/software/shadow/, - cvs repository is on cvs.pld.org.pl: :pserver:cvs () cvs pld org pl:/cvsroot shadow module (with empty password) - browseable cvsweb interface is on: http://cvsweb.pld.org.pl/index.cgi/shadow/ or http://cvs.pld.org.pl/shadow/ If anyone have some remarks to maintainer please mail me. kloczek -- ----------------------------------------------------------- *Ludzie nie mają problemów, tylko sobie sami je stwarzają* ----------------------------------------------------------- Tomasz Kłoczko, sys adm @zie.pg.gda.pl|*e-mail: kloczek () rudy mif pg gda pl*
Current thread:
- numerous free/paid account systems are vulnerable to privledgeselevation attacks Michal Zalewski (Nov 11)
- Re: numerous free/paid account systems are vulnerable to privledgeselevation attacks Bernhard Rosenkraenzer (Nov 11)
- Re: numerous free/paid account systems are vulnerable to privledgeselevation attacks Alexander Schreiber (Nov 13)
- Re: numerous free/paid account systems are vulnerable to privledgeselevation attacks Michal Zalewski (Nov 13)
- Re: numerous free/paid account systems are vulnerable to privledgeselevation attacks Pavel Korovin (Nov 14)
- Re: numerous free/paid account systems are vulnerable to privledgeselevation attacks Tomasz Kłoczko (Nov 14)
- Re: numerous free/paid account systems are vulnerable to privledgeselevation attacks Michal Zalewski (Nov 13)
- Re: numerous free/paid account systems are vulnerable to privledgeselevation attacks hellman (Nov 14)
- Re: numerous free/paid account systems are vulnerable to privledges elevation attacks Jeff Bachtel (Nov 14)
- Re: numerous free/paid account systems are vulnerable to privledges elevation attacks Michal Zalewski (Nov 14)