[17625] in bugtraq
Re: numerous free/paid account systems are vulnerable to
daemon@ATHENA.MIT.EDU (Tomasz Kłoczko)
Mon Nov 13 12:02:50 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=ISO-8859-2
Content-Transfer-Encoding: 8BIT
Message-Id: <Pine.LNX.4.21.0011122254270.32206-100000@rudy.mif.pg.gda.pl>
Date: Sun, 12 Nov 2000 23:12:41 +0100
Reply-To: Tomasz Kłoczko <kloczek@RUDY.MIF.PG.GDA.PL>
From: Tomasz Kłoczko <kloczek@RUDY.MIF.PG.GDA.PL>
X-To: Michal Zalewski <lcamtuf@DIONE.IDS.PL>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.4.21.0011110014570.30343-100000@dione.ids.pl>
On Sat, 11 Nov 2000, Michal Zalewski wrote:
> On Sat, 11 Nov 2000, Alexander Schreiber wrote:
>
> > Debian 2.2 (potato) default install checks for this:
>
> Mkey. During further investigations I've found recent RH releases (6.2 and
> 7.0) seem to be not affected by this problem. But, as numerous systems
> are still based on older releases, and there were no security advisories
> on this silently fixed problem, shadow-utils might be still used in
> previous versions.

Short info about the shadow package, because a few weeks ago the maintainer was
changed:

- the latest shadow package is 20001016,
- the main ftp site for shadow is ftp://ftp.pld.org.pl/software/shadow/,
- the cvs repository is on cvs.pld.org.pl:
  :pserver:cvs@cvs.pld.org.pl:/cvsroot shadow module (with empty password)
- a browseable cvsweb interface is on:
  http://cvsweb.pld.org.pl/index.cgi/shadow/ or
  http://cvs.pld.org.pl/shadow/

If anyone has remarks for the maintainer, please mail me.

kloczek
--
-----------------------------------------------------------
*People do not have problems, they only create them for themselves*
-----------------------------------------------------------
Tomasz Kłoczko, sys adm @zie.pg.gda.pl|*e-mail: kloczek@rudy.mif.pg.gda.pl*