Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: Re: pam question

Re: pam question

From: Wichert Akkerman <wichert_at_CISTRON.NL>
Date: Thu, 3 Aug 2000 15:02:19 +0200

Previously Vincent Danen wrote:
> Hi there. I have a question about the security explots in pam that
> Connectiva and RedHat announced. Does anyone know what version the
> exploit first appeared in? Specifically, I'm wondering if versions
> 0.66 and 0.68 are afflicted with this exploit.

They are and they are not: pam_console is a redhat addition to the
PAM sourcecode. So the official PAM release are not affected at all,
but the redhat packaged version of PAM with the pam_console addition
is.

Wichert. 

-- 
  _________________________________________________________________
 / Generally uninteresting signature - ignore at your convenience  \
| wichert@wiggy.net                   http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |

  • application/pgp-signature attachment: stored
Received on Aug 03 2000
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos