[1386] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] /bin/login

daemon@ATHENA.MIT.EDU (Jeffrey J. Radice)
Thu Jan 16 13:57:29 1997

From: jjr@zilker.net (Jeffrey J. Radice)
To: linux-security@tarsier.cv.nrao.edu (linux-security)
Date: Thu, 16 Jan 1997 11:46:32 -0600 (CST)
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com


>Their is a buffer overrun in /bin/login which has the potential to
>allow any user of your system to gain root access. util-linux-2.5-29
>contains a fix for this and is available for Red Hat Linux 4.0 on
>all four platforms.  We strongly recommend that all of Red Hat 4.0
>usres apply this fix.

Does this bug affect the 'login' that is distributed
with shadow password suite (960129 is my version)?

Could someone explain the problem, and how to fix it if so.

-jjr

[Mod: Please refere to message posted to linux-security on Mon, 23 Dec 1996 
under subject 'Buffer overflow in Linux's login program' -- alex]


home help back first fref pref prev next nref lref last post