[16073] in bugtraq
Re: pam question
daemon@ATHENA.MIT.EDU (Wichert Akkerman)
Thu Aug 3 15:05:32 2000
Mail-Followup-To: Vincent Danen <vdanen@MANDRAKESOFT.COM>,
BUGTRAQ@SECURITYFOCUS.COM
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="fXStkuK2IQBfcDe+"
Content-Disposition: inline
Message-Id: <20000803150218.D878@cistron.nl>
Date: Thu, 3 Aug 2000 15:02:19 +0200
Reply-To: Wichert Akkerman <wichert@CISTRON.NL>
From: Wichert Akkerman <wichert@CISTRON.NL>
X-To: Vincent Danen <vdanen@MANDRAKESOFT.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20000731195045.C25997@mandrakesoft.com>; from
vdanen@MANDRAKESOFT.COM on Mon, Jul 31, 2000 at 07:50:45PM -0400
--fXStkuK2IQBfcDe+
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Previously Vincent Danen wrote:
> Hi there. I have a question about the security explots in pam that
> Connectiva and RedHat announced. Does anyone know what version the
> exploit first appeared in? Specifically, I'm wondering if versions
> 0.66 and 0.68 are afflicted with this exploit.
They are and they are not: pam_console is a redhat addition to the
PAM sourcecode. So the official PAM release are not affected at all,
but the redhat packaged version of PAM with the pam_console addition
is.
Wichert.
--=20
_________________________________________________________________
/ Generally uninteresting signature - ignore at your convenience \
| wichert@wiggy.net http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D |
--fXStkuK2IQBfcDe+
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.2 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjmJbVoACgkQPLiSUC+jvC2gfgCeMfvzDfovuiG0vAMIylUl712O
db8An04n0QLTUaykuHk1++XEmK1dvtWl
=WiCz
-----END PGP SIGNATURE-----
--fXStkuK2IQBfcDe+--
