Bugtraq mailing list archives

Re: numerous free/paid account systems are vulnerable to privileges elevation attacks


From: Tomasz Kłoczko <kloczek () RUDY MIF PG GDA PL>
Date: Sun, 12 Nov 2000 23:12:41 +0100

On Sat, 11 Nov 2000, Michal Zalewski wrote:

> On Sat, 11 Nov 2000, Alexander Schreiber wrote:
>
>> Debian 2.2 (potato) default install checks for this:
>
> Mkey. During further investigations I've found recent RH releases (6.2 and
> 7.0) seem to be not affected by this problem. But, as numerous systems
> are still based on older releases, and there were no security advisories
> on this silently fixed problem, shadow-utils might be still used in
> previous versions.

Short info about the shadow package, because a few weeks ago the maintainer
was changed:
- latest shadow package is 20001016,
- main ftp site for shadow is ftp://ftp.pld.org.pl/software/shadow/,
- cvs repository is on cvs.pld.org.pl:
  :pserver:cvs () cvs pld org pl:/cvsroot shadow module (with empty password)
- browseable cvsweb interface is on:
  http://cvsweb.pld.org.pl/index.cgi/shadow/ or
  http://cvs.pld.org.pl/shadow/

If anyone has some remarks for the maintainer, please mail me.

kloczek
--
-----------------------------------------------------------
*People don't have problems, they just create them for themselves*
-----------------------------------------------------------
Tomasz Kłoczko, sys adm @zie.pg.gda.pl|*e-mail: kloczek () rudy mif pg gda pl*
