Linux Cubed Series 7: Sunsite

home *** CD-ROM | disk | FTP | other *** search

/ Linux Cubed Series 7: Sunsite / Linux Cubed Series 7 - Sunsite Vol 1.iso / system / admin / shadow-9.ann < prev next >

Wrap

PGP Message | 1996-11-17 | 3.7 KB | 88 lines

-----BEGIN PGP SIGNED MESSAGE----- Probably all versions of the Shadow Password Suite, as used on many Linux systems, have a serious security hole in the login program. It is possible to overwrite the stack by entering a long user name at the login prompt. This potentially allows remote users to gain root privileges. No prior access to the vulnerable system is necessary. Enclosed is a small patch to fix this bug. The complete package with this patch already applied is available from the primary site: ftp://ftp.ists.pwr.wroc.pl/pub/linux/shadow/shadow-960129.tar.gz and should soon be available from the mirror sites: ftp://ftp.icm.edu.pl/pub/Linux/shadow/ ftp://iguana.hut.fi/pub/linux/shadow/ ftp://ftp.cin.net/usr/ggallag/shadow/ ftp://ftp.netural.com/pub/linux/shadow/ Please verify the MD5 checksum before installation. 45dd0995bb27ca4fd4dd4c866a15e095 shadow-960129.tar.gz Please upgrade to this release immediately. Be careful, this is still BETA software. I don't know how many bugs like this still remain :-(. How this bug could go unnoticed for so many years is beyond me... Regards, Marek Michalkiewicz marekm@i17linuxb.ists.pwr.wroc.pl begin 644 shadow-951218-960129.diff.gz M'XL(`)E.##$"`WU6:V_;-A3];/V*.PQH[,AV+*=)&F<%DJX.YJ$IACK!@#U0 MT!)E<Y9(0:3BJ.B/W[FDW=E96R1V;)+W<<X]/$JF\IP&3?V>[$ID9C.X/$O& MR:N3#].;MW?3X>WLP_S^R];Y*!E?'FQ%@\'@.Y&=^U5#OPI-E-`HF8Q&^*7D M\F(4Q7'\G;2=.Z-]W/B21F>3T]/)2XZ[/(^NKVDPZH\H3OKCEW1]'<7W*V4) MOS@M2UDOI4Y;6C1+RM43U;*0PDHR.;F5W%:D2EB[,75&ME%.1G%N:GJG=/,T M)+HSUE%7Y:2-(U$4/:IJ^:A,8^E1UE89;4,VE*Q$NA9+).@*1US(37:@3H>G MPZ2_^U:N^X<L]6@E'B4)LK+FW%%L9=K4RK4H9Q:%+$EIWW)AEOB$Q64MRCYM M5BI=466<U$ZAO99*L98@P$5Q9:Q5B"7&4\L2AZA!`4O.T%(@36T`JJK5HRKD M4MIA%$?Q5#OTH)>HA#<^3UJ42`E,!PV4E:-4X(`%O7F.<P:,U(U&FE_`JL*V M:8J,EH8:#?I4*C/?BS7H4K?42E'[62UD:W1&I1P.?0_WJ&,TP.1HC-*5T$N$ M6J53><@;!_N&ABD-N+T:).*E311KN:%<"M?40$8T<^"82TD-GL$;,H>,C.K+ M4'<*$3J+XMD1AE**3(9^0R.V#[PN3)QU]4]CF0A]Y&@C`!KHD+'U$XUB7V\! M80"`01CCUV"G6X4Z/H07N0LMG]RN@YYG8I93:QH"J\0=/-?><^GUF77%*%)3 MEE)G$B@P[::"7`##F7!\%PY"K`E_=VH)92DS#&C-K:[P\OB!%G2KM0Q)K%-% MP<)B*4T&728YM!N@2VV:Y8J<*CV=]/-.MB7+2SY5T!EN)YK><N$@7<RF,&:] M55L4IR8+T85T$$CHZ&9^\QNI4,M*WF_1$9+:QE8J98;0#*NH-#625-*@Q'YB MXKQ]_XF/!&@;QK/@^]+HS"<0>FU_8$+NH*HUW>&RB6*MY$:EGZ*XY,7R6B47 M!;O%8JBLL\-J4P\WM4F'51%EW[#3G68/+6^[^A43W>YTYM#!6YE2<D&CB\D8 M%GK./GCV%?_<A>Q;Y\O)V<7D-/G/.L]&_5<4XQT)89Y$Q^$Z=7N4*5L5HK7! M*!U&(."0^[<_S)NW3>6@)A\^F\\?IA]O9^^F'Z?O;]ZP&*UT@6E_FT^D2T^4 MM8WDO6T5R)2#%S+G880+Z4M$,1WSBWX7M<:$)]M+7O*EPZBV&H.1E2QNZSC^ M83[]\/[F;OIQ/OMCZJ,QMEJDCKVOBSM?-!FKA>M@#7(4CK_KAOT=^#C8ER;_ M-/$:A-%E7`+/B@8Z?/-PB^R'B=V1I62$YQ`H+UL?;UOK9-DC^2C9O\.%6+%) MU:+E4@7?'BB!O<FC8"]@[_/AI^.]"N#[P)SAN'OV'+R6+7A3^Z<8P@V31?YJ M_`\X1IJN>_YJ^=L,B[$4FG!LPYC'2411_&,F<Z6?D<J-T0G@J4_2Y%WNH-?W M5W&'!\%Q1(]&8;)!-/Y4?SO87N2!=8YY\<IK,1E[,4*[_23Q:NPP%]VTHM?\ MA+DZYD^OZ0@_GS_3[MM?[N@JK>(8&3N=*W0\"&$*4:,K13_M1C7`/QTO7D!T ML*!J15TDZ%UQ^3]5'/^-T\<A3=P!,%X/(O,/YB^3.61A;_J,]WGAP\.'];]9 AWJ.(.^$!U=T_S:UU^!"CI`[\SR]S1%C]%QCB=RR]"0`` ` end -----BEGIN PGP SIGNATURE----- Version: 2.6.2i iQCVAwUBMQxT4hS8Z5KBPKcRAQFrPQP+LEAX7nrxQPwLBCqbP4e/T0ZsjjVNxzDi dzAkStn3w7sm9s1scIjAAuchVJ/+u6Gk1d8IdXjoffuwD8gNWxhWyJIRxx9v7i5U vCHn+33WtVBYgWWWr+wosR/AzFfhVIXjpAyuqmXSyepwiLZ8ifB1PO5oAljZO0jQ Zh06dmWXJYw= =xkY1 -----END PGP SIGNATURE----- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.2i mQCNAi1ZZMkAAAEEAKEhX4FW+wCmgLhDJZ45jV7smfY1yebOoOq4raU/MbMMVKJm xSdzT924y0xnsWAE8KL6zHzcepyqE/JXSWVzhd2yRfAQgjdYBqgUP0WyqgjCnCCx thEYij24IN9WVgGV9gHsJfVORuazXXfpidPfC4ft6AN/VqGlnBS8Z5KBPKcRAAUT tDdNYXJlayBNaWNoYWxraWV3aWN6IDxtYXJla21AaTE3bGludXhiLmlzdHMucHdy Lndyb2MucGw+tDdNYXJlayBNaWNoYWxraWV3aWN6IDxtYXJla21AaTE3bGludXhh LmlzdHMucHdyLndyb2MucGw+tDBNYXJlayBNaWNoYWxraWV3aWN6IDxpbmQ0M0Bj aTN1eC5jaS5wd3Iud3JvYy5wbD4= =n6D8 -----END PGP PUBLIC KEY BLOCK-----