Re: passwords changed?

To: debian-security@lists.debian.org
Subject: Re: passwords changed?
From: sciencewhiz@juno.com
Date: Sat, 10 Apr 2004 16:09:53 GMT
Message-id: <[🔎] 20040410.091007.13605.276989@webmail17.lax.untd.com>

>When was the last time you could login?  Have you done any changes since then?  
>Try copying the /etc/passwd and /etc/shadow to a test machine and see if it 
>lets you login then (IE test if it is actually a password change or something 
>broken in PAM etc).

There was a total of 5 hours between when I was succesfully able to log in and when I wasn't No changes were made between the last two times I logged in.


>What versions of sshd and proftpd?  Both of them have had security issues at 
>various times.

Like debian, Redhat doesn't update version numbers when they just patch a security bug. SSH was last patched for http://www.kb.cert.org/vuls/id/333628 and looks like the latest one. Proftp was vulnerable to this one: http://www.kb.cert.org/vuls/id/405348 but I don't consider it a high risk, because someone would have to upload the file. The passwords were reasonably secure.

Thanks for your advice

Reply to:

Follow-Ups:
- Re: passwords changed?
  - From: LeVA <leva@az.isten.hu>

Prev by Date: Re: passwords changed?
Next by Date: Re: passwords changed?
Previous by thread: Re: passwords changed?
Next by thread: Re: passwords changed?
Index(es):
- Date
- Thread