[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [linux-security] util-linux login vulnerability

To: linux-security
Subject: Re: [linux-security] util-linux login vulnerability
From: Martin Siegert <siegert@sfu.ca>
Date: Fri, 28 Dec 2001 12:58:30 -0800
In-Reply-To: <20011023162405.A20956@stikine.ucs.sfu.ca>; from siegert@sfu.ca on Tue, Oct 23, 2001 at 04:24:05PM -0700
References: <20011023162405.A20956@stikine.ucs.sfu.ca>
User-Agent: Mutt/1.2.5i

On Tue, Oct 23, 2001 at 04:24:05PM -0700, Martin Siegert wrote:
> Topic
> =====
> The login program from the util-linux package can be used to gain other
> user's credentials.
> 
> Solution
> ========
> 
> RedHat 7.1
> ----------
> rpm -Fvh util-linux-2.11f-11.7.1.i386.rpm
> 
> RedHat 7.2
> ----------
> rpm -Fvh util-linux-2.11f-12.i386.rpm

The RPMs mentioned above contain bugs that affect telnet and also do not
set the controlling terminal correctly. RedHat has released new RPMs that
fix these problems (this is not a security issue).

RedHat 7.1, 7.2
---------------
rpm -Fvh util-linux-2.11f-17.i386.rpm

References:
- [linux-security] util-linux login vulnerability
  - From: Martin Siegert <siegert@sfu.ca>
- [linux-security] util-linux login vulnerability
  - From: Martin Siegert <siegert@sfu.ca>

Prev by Date: [linux-security] openssh sftp subsystem bugs
Next by Date: [linux-security] glibc glob bug: remote root exploit possible
Prev by thread: [linux-security] util-linux login vulnerability
Next by thread: [linux-security] another local root exploit in the Linux kernel
Index(es):
- Date
- Thread