[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#360578: marked as done (busybox: passwd uses null salt (weak encryption) [CVE-2006-1058])

Your message dated Thu, 22 Jun 2006 20:39:22 +0200
with message-id <200606222039.23615.elendil@planet.nl>
and subject line Bug#360578: Update
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: busybox
Version: 1.01-4
Severity: normal
Tags: security yatch

busybox' passwd always uses an empty salt for md5 passwords, so that
passwords can be broken much faster (with fast table-based
approaches). Please see [1] for the upstream bug report and [2] for
the Ubuntu patch.

Thank you,


[1] http://bugs.busybox.net/view.php?id=604
[2] http://patches.ubuntu.com/patches/busybox.CVE-2006-1058.diff

Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?

Attachment: signature.asc
Description: Digital signature

--- End Message ---
--- Begin Message ---
Version: 1:1.1.3-1

On Thursday 22 June 2006 20:14, Julien Goodwin wrote:
> As busybox 1.1.3 is now in unstable this bug should be marked fixed in
> 1.1.3

Done. Thanks.

--- End Message ---

Reply to: