[prev in list] [next in list] [prev in thread] [next in thread] 

List:       pkg-shadow-devel
Subject:    [Pkg-shadow-devel] Bug#505271: closed ... fixed in shadow 1:4.1.1-6
From:       Thijs Kinkhorst <thijs () debian ! org>
Date:       2009-01-26 13:37:52
Message-ID: 200901261437.58344.thijs () debian ! org
[Download RAW message or body]


On Friday 23 January 2009 04:06, Paul Szabo wrote:
> Belatedly, I realize that this still leaves a DoS attack: fill up utmp
> with entries for all possible PIDs, then login will fail. Maybe that is
> "properly" Bug#505071 (as distinct from this one)? Please see there
> about ideas on how to perform this DoS without access to group utmp.

Although from the description I think it's definately something that's good to 
fix, I do not think it's that serious to be a DSA. Still, thanks for your 
help in analysing these issues - I hope Nicolas will pick up on this for a 
future release of shadow.


cheers,
Thijs

[Attachment #3 (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]