oss-sec mailing list archives
Re: Disputing CVE-2011-4122
From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 08 Dec 2011 14:53:46 -0700
The documentation you linked to above is for LinuxPAM, not OpenPAM. They're different systems and the bug only affects OpenPAM. --Jeff
Right, my thought/comment is more around the point that this isn't defined in general very well anywhere (that I can find, and I assume OpenPAM and Linux PAM are going to implement things in a roughly similar manner) and that it probably should be defined better. In the meantime though it is likely that restrictions/filtering can be implemented but it needs to be done carefully since there is the potential for weirdness. -- -Kurt Seifried / Red Hat Security Response Team
Current thread:
- Disputing CVE-2011-4122 Jeff Mitchell (Dec 07)
- Re: Disputing CVE-2011-4122 Kurt Seifried (Dec 07)
- Re: Disputing CVE-2011-4122 Jeff Mitchell (Dec 08)
- Re: Disputing CVE-2011-4122 Kurt Seifried (Dec 08)
- Re: Disputing CVE-2011-4122 Jeff Mitchell (Dec 08)
- Re: Disputing CVE-2011-4122 Kurt Seifried (Dec 08)
- Re: Disputing CVE-2011-4122 Jeff Mitchell (Dec 08)
- Re: Disputing CVE-2011-4122 Jeff Mitchell (Dec 08)
- Re: Disputing CVE-2011-4122 Kurt Seifried (Dec 07)
- Re: Disputing CVE-2011-4122 Jeff Mitchell (Dec 26)
- Re: Disputing CVE-2011-4122 Solar Designer (Dec 27)
- Re: Disputing CVE-2011-4122 Sebastian Krahmer (Dec 28)