[prev in list] [next in list] [prev in thread] [next in thread]
List: pkg-shadow-devel
Subject: [Pkg-shadow-devel] Bug#505271: closed ... fixed in shadow 1:4.1.1-6
From: Thijs Kinkhorst <thijs () debian ! org>
Date: 2009-01-26 13:37:52
Message-ID: 200901261437.58344.thijs () debian ! org
[Download RAW message or body]
On Friday 23 January 2009 04:06, Paul Szabo wrote:
> Belatedly, I realize that this still leaves a DoS attack: fill up utmp
> with entries for all possible PIDs, then login will fail. Maybe that is
> "properly" Bug#505071 (as distinct from this one)? Please see there
> about ideas on how to perform this DoS without access to group utmp.
Although from the description I think it's definately something that's good to
fix, I do not think it's that serious to be a DSA. Still, thanks for your
help in analysing these issues - I hope Nicolas will pick up on this for a
future release of shadow.
cheers,
Thijs
[Attachment #3 (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic