Home page logo

oss-sec logo oss-sec mailing list archives

Re: Strange CVE situation (at least one ID should come of this)
From: Raphael Geissert <geissert () debian org>
Date: Tue, 30 Oct 2012 13:23:10 -0600

On Friday 26 October 2012 14:54:15 Josh Bressers wrote:
* It uses MD5 passwords
* The shadow file is directly modified without locking (which could lead
to a race condition)
* If you get the password wrong, it doesn't unlink the empty temporary

By looking at the README:
* It leaks the password via the process list

Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]