Home page logo

bugtraq logo Bugtraq mailing list archives

Re: numerous free/paid account systems are vulnerable to privledgeselevation attacks
From: Tomasz Kłoczko <kloczek () RUDY MIF PG GDA PL>
Date: Sun, 12 Nov 2000 23:12:41 +0100

On Sat, 11 Nov 2000, Michal Zalewski wrote:

On Sat, 11 Nov 2000, Alexander Schreiber wrote:

Debian 2.2 (potato) default install checks for this:

Mkey. During futher investigations I've found recent RH releases (6.2 and
7.0) seems to be not affected by this problem. But, as numerous systems
are still based on older releases, and there were no security advisories
on this silently fixed problem, shadow-utils might be still used in
previous versions.

Short info about shadow package because few weeks ago maintainer was
- latest shadow package is 20001016,
- main ftp site for shadow is ftp://ftp.pld.org.pl/software/shadow/,
- cvs repository is on cvs.pld.org.pl:
  :pserver:cvs () cvs pld org pl:/cvsroot shadow module (with empty password)
- browseable cvsweb interface is on:
  http://cvsweb.pld.org.pl/index.cgi/shadow/ or

If anyone have some remarks to maintainer please mail me.

*Ludzie nie mają problemów, tylko sobie sami je stwarzają*
Tomasz Kłoczko, sys adm @zie.pg.gda.pl|*e-mail: kloczek () rudy mif pg gda pl*

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]