On Mon, Dec 08, 2008 at 09:37:42AM +1100, [EMAIL PROTECTED] wrote:
The bug should affect ubuntu and probably gentoo (4.1.2.2 already
packaged). Not RedHat / Mandrake.
A quick peek into shadow-utils-4.1.2-8.fc10.src.rpm suggests Fedora is
also affected. I do not know about RHEL.
On Mon, Dec 08, 2008 at 11:22:34AM +0100, Nicolas François wrote:
On Mon, Dec 08, 2008 at 09:37:42AM +1100, [EMAIL PROTECTED] wrote:
The bug should affect ubuntu and probably gentoo (4.1.2.2 already
packaged). Not RedHat / Mandrake.
A quick peek into shadow-utils-4.1.2-8.fc10.src.rpm
Dear Nicolas,
On 23 Nov you wrote:
- alert other Linux distros,
A new upstream version was released this weekend.
Have not seen any distros make announcements. What distros use that?
(Am surprised that even Ubuntu has not updated, though normally they
seem responsive.)
Cheers, Paul
Paul
On Mon, Dec 08, 2008 at 08:20:36AM +1100, [EMAIL PROTECTED] wrote:
Dear Nicolas,
On 23 Nov you wrote:
- alert other Linux distros,
A new upstream version was released this weekend.
Have not seen any distros make announcements. What distros use that?
(Am surprised that even Ubuntu
The bug should affect ubuntu and probably gentoo (4.1.2.2 already
packaged). Not RedHat / Mandrake.
A quick peek into shadow-utils-4.1.2-8.fc10.src.rpm suggests Fedora is
also affected. I do not know about RHEL.
Ubuntu now notified directly:
I wrote a little while ago:
A quick peek into shadow-utils-4.1.2-8.fc10.src.rpm suggests Fedora is
also affected. I do not know about RHEL.
A quick peek into shadow-utils-4.0.17-14.el5.src.rpm suggests RHEL is
just as bad.
Cheers, Paul
Paul Szabo [EMAIL PROTECTED]
On Sat, Nov 22, 2008 at 10:03:39PM +1100, Paul Szabo wrote:
Dear Moritz,
Yes, Nicolas's patch does fix the problem. But please note:
(1) It is my patch, not Nicolas's, was first proposed in
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505071#15
(2) There is no such patch, nobody has
Dear Moritz,
Seems your message relates to old things, Nicolas has fixed this for
lenny already.
Please also:
- fix for etch,
- alert other Linux distros,
- issue DSA.
Thanks,
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics
Hello,
On Mon, Nov 24, 2008 at 08:01:42AM +1100, [EMAIL PROTECTED] wrote:
Seems your message relates to old things, Nicolas has fixed this for
lenny already.
I've made an upload to fix #505271, but not this bug (#505071).
The answer on debian-release was not enough for me to also fix
On Sun, Nov 23, 2008 at 10:24:26PM +0100, Nicolas François wrote:
Hello,
On Mon, Nov 24, 2008 at 08:01:42AM +1100, [EMAIL PROTECTED] wrote:
Seems your message relates to old things, Nicolas has fixed this for
lenny already.
I've made an upload to fix #505271, but not this bug
On Sun, Nov 23, 2008 at 10:29:55PM +0100, [EMAIL PROTECTED] wrote:
On Sun, Nov 23, 2008 at 10:24:26PM +0100, Nicolas François wrote:
I made an upload for Etch (-7etch1, also to fix #505271)
Moritz, if you can't see it, maybe I did it wrong.
I don't see any trace of it on klecker? Can
On Fri, Nov 14, 2008 at 08:33:43PM +1100, Paul Szabo wrote:
Dear Nekral,
Long ago you wrote:
... Should I attempt to write an exploit/demo?
That would be nice to check if it would be possible to chown
/etc/shadow by cheating utmp.
Done, I now have a working PoC/demo/exploit ... am
Dear Moritz,
Yes, Nicolas's patch does fix the problem. But please note:
(1) It is my patch, not Nicolas's, was first proposed in
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505071#15
(2) There is no such patch, nobody has made a diff file,
much less a compiled/built package to try.
Dear Nekral,
Long ago you wrote:
... Should I attempt to write an exploit/demo?
That would be nice to check if it would be possible to chown
/etc/shadow by cheating utmp.
Done, I now have a working PoC/demo/exploit ... am not yet releasing
it publicly.
Cheers,
Paul Szabo [EMAIL
14 matches
Mail list logo
