[22966] in bugtraq
Re: Flaws in recent Linux kernels
daemon@ATHENA.MIT.EDU (Scott Dier)
Tue Oct 23 17:21:22 2001
Date: Tue, 23 Oct 2001 14:49:54 -0500
From: Scott Dier <dieman@ringworld.org>
To: Solar Designer <solar@openwall.com>
Cc: Martin Kacer <m@kacer.net>, bugtraq@securityfocus.com,
Rafal Wojtczuk <nergal@7bulls.com>
Message-ID: <20011023144954.U2013@ringworld.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20011023165238.A6013@openwall.com>
* Solar Designer <solar@openwall.com> [011023 09:29]:
> least one PAM'ified version of su(1) is suitable for the attack: the
> one that is included in the shadow suite and used on Debian. I also
On debian unstable/testing, the 'shadow-login' package does not exist,
and only the 'login' package exists. AFAIK, this only has the PAM-based
su in it.
On Progeny's newton release, this is also true.
On debian potato, it appears that the su there is also from pam.
Could you please cite the version of Debian next time? Your the second
person this month I've had to remind of this.
Hence, I believe the statment is refrencing a older version of stable,
users of 'stale' stable distributions should be advised that security
updates aren't given for anything but the 'current' stable version, and
that they should upgrade to potato.
--
Scott Dier <dieman@ringworld.org> <sdier@debian.org>
http://www.ringworld.org/ #linuxos@irc.openprojects.net
Just say NO to Product Activation!
