On Friday 23 January 2009 04:06, Paul Szabo wrote:
> Belatedly, I realize that this still leaves a DoS attack: fill up utmp
> with entries for all possible PIDs, then login will fail. Maybe that is
> "properly" Bug#505071 (as distinct from this one)? Please see there
> about ideas on how to perform
Thanks for the DSA-1709 fix.
Belatedly, I realize that this still leaves a DoS attack: fill up utmp
with entries for all possible PIDs, then login will fail. Maybe that is
"properly" Bug#505071 (as distinct from this one)? Please see there
about ideas on how to perform this DoS without access to g
Hi Paul,
On Thursday 27 November 2008 10:13, Paul Szabo wrote:
> How long do you expect it will take to "in fact" fix this bug (which is
> closed, pretend-fixed, still set to just "serious" severity)? Would it
> cause problems if I posted the exploit on Monday 1 Dec?
Sorry for the delay incurred
Dear Nicolas and Moritz,
How long do you expect it will take to "in fact" fix this bug (which is
closed, pretend-fixed, still set to just "serious" severity)? Would it
cause problems if I posted the exploit on Monday 1 Dec?
Thanks, Paul
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.
Please fix for etch also. Please issue DSA.
Please alert other Linux distros, they are also affected.
Since you claim this issue is fixed, surely (?!) there is no harm
in making the exploit public. Should (may) I do that now?
Cheers, Paul
Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.ed
5 matches
Mail list logo