[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

SECURITY: Debian Login? SECURITY: Important bug fix for /sbin/login (fwd)

Forwarded message warns of a exploit of login that allows local users
to obtain root. Patches are supplied for Redhat. 
	Is Debian subject to same bug? If so, are patches available? If
shadow passwords has been installed, does it replace this login?

Jon

---------- Forwarded message ----------
Date: Wed, 15 Jan 1997 15:18:11 -0500 (EST)
From: Erik Troan <ewt@redhat.com>
To: linux-security@redhat.com
Subject: [linux-security] SECURITY: Important bug fix for /sbin/login
Resent-Date: Thu, 16 Jan 1997 12:52:21 +0100
Resent-From: Rogier Wolff <wolff@rosie.et.tudelft.nl>
Resent-cc: recipient.list.not.shown:;



Their is a buffer overrun in /bin/login which has the potential to
allow any user of your system to gain root access. util-linux-2.5-29
contains a fix for this and is available for Red Hat Linux 4.0 on
all four platforms.  We strongly recommend that all of Red Hat 4.0
usres apply this fix.

Users of Red Hat Linux versions earlier then 4.0 should upgrade to 4.0 and
then apply all available security pacakges. 

Users whose computers have direct internet connections may apply
this update by using one of the following commands:

Intel:
rpm -Uvh ftp://ftp.redhat.com/updates/4.0/i386/util-linux-2.5-29.i386.rpm

Alpha:
rpm -Uvh ftp://ftp.redhat.com/updates/4.0/axp/util-linux-2.5-29.axp.rpm

SPARC:
rpm -Uvh ftp://ftp.redhat.com/updates/4.0/sparc/util-linux-2.5-29.sparc.rpm

All of these packages have been signed with Red Hat's PGP key.

Erik

[mod: Forwarded by Richard Jones, Mangled by me to make this appear
to have been sent by Erik himself... -- REW]
- -----------------------------------------------------------------------------
--
|       I told you I'm not very bright -- Sugar in "Some Like It Hot"         |
|      "RPM is the greatest thing since swap-space" - Bryan C. Andregg
|                                                                             |
|       Erik Troan   =   ewt@redhat.com     =    ewt@sunsite.unc.edu          |





--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com
Reply to: