Hi Robert,

On Thu, May 19, 2005 at 11:19:50AM +0200, Robert Trebula wrote:
> Package: libpam-cracklib
> Version: 0.76-22
> Severity: critical
> Tags: security
> Justification: root security hole

> The only non-commented lines in /etc/pam.d/common-password:

> password required         pam_cracklib.so retry=3 minlen=6 difok=3
> password required       pam_unix.so use_authtok nullok md5

> Example session of passwd program usage:

> [EMAIL PROTECTED]:~$ passwd
> Changing password for test
> (current) UNIX password:
> New UNIX password:
> (index fread failed): Success
> Segmentation fault

> I am no security expert but I feel that suid-root programs should not
> segfault.

> I would be happy if you prove that it is my fault and there is no root
> security hole here.

Could you please send us a list of the contents of the /var/cache/cracklib/
directory on your system?

Thanks,
-- 
Steve Langasek
postmodern programmer
