[1386] in linux-security and linux-alert archive
[linux-security] /bin/login
daemon@ATHENA.MIT.EDU (Jeffrey J. Radice)
Thu Jan 16 13:57:29 1997
From: jjr@zilker.net (Jeffrey J. Radice)
To: linux-security@tarsier.cv.nrao.edu (linux-security)
Date: Thu, 16 Jan 1997 11:46:32 -0600 (CST)
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com
>Their is a buffer overrun in /bin/login which has the potential to
>allow any user of your system to gain root access. util-linux-2.5-29
>contains a fix for this and is available for Red Hat Linux 4.0 on
>all four platforms. We strongly recommend that all of Red Hat 4.0
>usres apply this fix.
Does this bug affect the 'login' that is distributed
with shadow password suite (960129 is my version)?
Could someone explain the problem, and how to fix it if so.
-jjr
[Mod: Please refere to message posted to linux-security on Mon, 23 Dec 1996
under subject 'Buffer overflow in Linux's login program' -- alex]