[17625] in bugtraq


Re: numerous free/paid account systems are vulnerable to

daemon@ATHENA.MIT.EDU (Tomasz Kłoczko)
Mon Nov 13 12:02:50 2000

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=ISO-8859-2
Content-Transfer-Encoding: 8BIT
Message-Id:  <Pine.LNX.4.21.0011122254270.32206-100000@rudy.mif.pg.gda.pl>
Date:         Sun, 12 Nov 2000 23:12:41 +0100
Reply-To: Tomasz Kłoczko <kloczek@RUDY.MIF.PG.GDA.PL>
From: Tomasz Kłoczko <kloczek@RUDY.MIF.PG.GDA.PL>
X-To:         Michal Zalewski <lcamtuf@DIONE.IDS.PL>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <Pine.LNX.4.21.0011110014570.30343-100000@dione.ids.pl>

On Sat, 11 Nov 2000, Michal Zalewski wrote:

> On Sat, 11 Nov 2000, Alexander Schreiber wrote:
>
> > Debian 2.2 (potato) default install checks for this:
>
> Mkey. During further investigations I've found recent RH releases (6.2 and
> 7.0) seem to be not affected by this problem. But, as numerous systems
> are still based on older releases, and there were no security advisories
> on this silently fixed problem, shadow-utils might be still used in
> previous versions.

Short info about the shadow package, because a few weeks ago the maintainer
was changed:
- latest shadow package is 20001016,
- main ftp site for shadow is ftp://ftp.pld.org.pl/software/shadow/,
- cvs repository is on cvs.pld.org.pl:
  :pserver:cvs@cvs.pld.org.pl:/cvsroot shadow module (with empty password)
- browseable cvsweb interface is on:
  http://cvsweb.pld.org.pl/index.cgi/shadow/ or
  http://cvs.pld.org.pl/shadow/

If anyone has some remarks for the maintainer, please mail me.

kloczek
--
-----------------------------------------------------------
*People do not have problems, they only create them for themselves*
-----------------------------------------------------------
Tomasz Kłoczko, sys adm @zie.pg.gda.pl|*e-mail: kloczek@rudy.mif.pg.gda.pl*
