oss-sec mailing list archives
Re: Strange CVE situation (at least one ID should come of this)
From: Raphael Geissert <geissert () debian org>
Date: Tue, 30 Oct 2012 13:23:10 -0600
On Friday 26 October 2012 14:54:15 Josh Bressers wrote:
* It uses MD5 passwords * The shadow file is directly modified without locking (which could lead to a race condition) * If you get the password wrong, it doesn't unlink the empty temporary file.
By looking at the README: * It leaks the password via the process list Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net
Current thread:
- Re: Strange CVE situation (at least one ID should come of this), (continued)
- Re: Strange CVE situation (at least one ID should come of this) Seth Arnold (Oct 29)
- Re: Strange CVE situation (at least one ID should come of this) Kurt Seifried (Oct 29)
- Re: Strange CVE situation (at least one ID should come of this) Steven M. Christey (Oct 30)
- Re: Strange CVE situation (at least one ID should come of this) Henri Salo (Oct 30)
- Re: Strange CVE situation (at least one ID should come of this) Kurt Seifried (Oct 30)
- Re: [security] [oss-security] Strange CVE situation (at least one ID should come of this) Greg Knaddison (Oct 31)
- Re: Strange CVE situation (at least one ID should come of this) Seth Arnold (Oct 29)
- Re: Strange CVE situation (at least one ID should come of this) Kurt Seifried (Oct 30)
- Re: Strange CVE situation (at least one ID should come of this) Steven M. Christey (Oct 31)
- Re: Strange CVE situation (at least one ID should come of this) Josh Bressers (Nov 02)
- Re: Strange CVE situation (at least one ID should come of this) cve-assign (Nov 02)
- Re: Strange CVE situation (at least one ID should come of this) Vincent Danen (Dec 05)
- Re: Strange CVE situation (at least one ID should come of this) Josh Bressers (Dec 05)
- Re: Strange CVE situation (at least one ID should come of this) Vincent Danen (Dec 05)