Bugtraq mailing list archives

Re: Flaws in recent Linux kernels

From: Scott Dier <dieman () ringworld org>
Date: Tue, 23 Oct 2001 14:49:54 -0500

* Solar Designer <solar () openwall com> [011023 09:29]:

least one PAM'ified version of su(1) is suitable for the attack: the
one that is included in the shadow suite and used on Debian.  I also


On debian unstable/testing, the 'shadow-login' package does not exist,
and only the 'login' package exists.  AFAIK, this only has the PAM-based
su in it.

On Progeny's newton release, this is also true.

On debian potato, it appears that the su there is also from pam.

Could you please cite the version of Debian next time?  Your the second
person this month I've had to remind of this.

Hence, I believe the statment is refrencing a older version of stable,
users of 'stale' stable distributions should be advised that security
updates aren't given for anything but the 'current' stable version, and
that they should upgrade to potato.

-- 
Scott Dier <dieman () ringworld org> <sdier () debian org>
http://www.ringworld.org/  #linuxos () irc openprojects net

Just say NO to Product Activation!

Current thread:

Flaws in recent Linux kernels Rafal Wojtczuk (Oct 18)
- RE: Flaws in recent Linux kernels Demitrious Kelly (Oct 18)
- Re: Flaws in recent Linux kernels Martin Kacer (Oct 19)
  - Re: Flaws in recent Linux kernels Mariusz Woloszyn (Oct 22)
    - Re: Flaws in recent Linux kernels Pavel Kankovsky (Oct 27)
  - Re: Flaws in recent Linux kernels Solar Designer (Oct 23)
    - Re: Flaws in recent Linux kernels Scott Dier (Oct 23)
- Re: Flaws in recent Linux kernels Thomas Fischbacher (Oct 25)
  - Re: Flaws in recent Linux kernels Mariusz Woloszyn (Oct 27)
    - Re: Flaws in recent Linux kernels Thomas Fischbacher (Oct 27)