Home page logo
  • Nmap Security Scanner
  • Security Lists
  • Security Tools
  • Site News
  • Advertising
  • About/Contact
  • Sponsors:



/

fulldisclosure logo Full Disclosure mailing list archives

/bin/login DoS remains after DSA-1709
From: Paul Szabo <psz () maths usyd edu au>
Date: Sat, 24 Jan 2009 16:06:29 +1100
Even after DSA-1709, /bin/login in Debian is vulnerable to a local DoS
attack; the attacker does not need special privileges to succeed. For
details please see
 
  http://www.debian.org/security/2009/dsa-1709
  http://bugs.debian.org/505271
  http://bugs.debian.org/505071
 
I do not know what practical uses this DoS could have.

(Debian and Ubuntu are vulnerable, I believe RedHat is not. I do not
know about other distros.)

Cheers,

Paul Szabo   psz () maths usyd edu au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • /bin/login DoS remains after DSA-1709 Paul Szabo (Jan 24)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]