[Pkg-shadow-devel] Bug#283961: marked as done (chpasswd ignores system MD5 configuration)

[Debian Bug Tracking System]

Your message dated Wed, 23 Mar 2005 18:39:14 +0100
with message-id <20050323173914.GE13294@mykerinos.kheops.frmug.org>
and subject line Acknowledging NMUs
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 2 Dec 2004 15:51:34 +0000
>From ian@penguinhosting.net Thu Dec 02 07:51:34 2004
Return-path: <ian@penguinhosting.net>
Received: from zeus.penguinhosting.net [69.9.164.98] 
	by spohr.debian.org with smtp (Exim 3.35 1 (Debian))
	id 1CZtF0-00048J-00; Thu, 02 Dec 2004 07:51:34 -0800
Received: (qmail 32601 invoked by uid 1000); 2 Dec 2004 15:51:33 -0000
Date: Thu, 2 Dec 2004 10:51:31 -0500
From: Ian Gulliver <ian@penguinhosting.net>
To: submit@bugs.debian.org
Subject: chpasswd ignores system MD5 configuration
Message-ID: <20041202155130.GF2741@penguinhosting.net>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="zjcmjzIkjQU2rmur"
Content-Disposition: inline
X-Operating-System: Linux puck 2.6.9-1-686 
User-Agent: Mutt/1.5.6+20040722i
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 


--zjcmjzIkjQU2rmur
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Package: passwd
Version: 4.0.3-30.4
Severity: important
Tags: security

Issue also appears in 20000902-12woody1.

The chpasswd program ignores the system MD5 setting in /etc/pam.d/passwd
(also tried MD5_CRYPT_ENAB in /etc/login.defs) and instead hashes all
passwords with DES.  In the case of compromise of /etc/shadow, this
greatly increases the ease with which attackers can crack back passwords.
The system administrator thinks that they are using strong hashing until
they closely examine /etc/shadow.

--=20
Ian Gulliver
Penguin Hosting
"Failure is not an option; it comes bundled with your Microsoft products."

--zjcmjzIkjQU2rmur
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBrzoCefI+qeoOjxURAs5NAJ9kYD8R8sAFc519JLS9D7Enb8efoACcDe8j
Af2m1lHnXWq+njBg5MdWMg0=
=MW9/
-----END PGP SIGNATURE-----

--zjcmjzIkjQU2rmur--

---------------------------------------
Received: (at 283961-done) by bugs.debian.org; 23 Mar 2005 19:12:36 +0000
>From bubulle@kheops.frmug.org Wed Mar 23 11:12:35 2005
Return-path: <bubulle@kheops.frmug.org>
Received: from perrier.eu.org (kheops.perrier.eu.org) [81.56.227.253] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1DEAtZ-0004Xm-00; Wed, 23 Mar 2005 10:47:57 -0800
Received: from localhost (localhost [127.0.0.1])
	by kheops.perrier.eu.org (Postfix) with ESMTP id 7D1F14F8AB;
	Wed, 23 Mar 2005 19:47:25 +0100 (CET)
Received: from kheops.perrier.eu.org ([127.0.0.1])
	by localhost (kheops [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 28665-08; Wed, 23 Mar 2005 19:47:23 +0100 (CET)
Received: from mykerinos.kheops.frmug.org (mykerinos.kheops.frmug.org [192.168.1.3])
	by kheops.perrier.eu.org (Postfix) with ESMTP id 054824F8AA;
	Wed, 23 Mar 2005 19:47:22 +0100 (CET)
Received: by mykerinos.kheops.frmug.org (Postfix, from userid 7426)
	id CE3EB232A0; Wed, 23 Mar 2005 18:39:14 +0100 (CET)
Date: Wed, 23 Mar 2005 18:39:14 +0100
From: Christian Perrier <bubulle@debian.org>
To: 284239-done@bugs.debian.org, 283961-done@bugs.debian.org,
	269907-done@bugs.debian.org, 271407-done@bugs.debian.org,
	277563-done@bugs.debian.org, 141322-done@bugs.debian.org,
	270168-done@bugs.debian.org, 242055-done@bugs.debian.org,
	242586-done@bugs.debian.org, 242813-done@bugs.debian.org,
	257700-done@bugs.debian.org, 260645-done@bugs.debian.org,
	261022-done@bugs.debian.org, 261553-done@bugs.debian.org,
	262928-done@bugs.debian.org, 263957-done@bugs.debian.org,
	264956-done@bugs.debian.org, 268051-done@bugs.debian.org,
	268151-done@bugs.debian.org, 268412-done@bugs.debian.org,
	268646-done@bugs.debian.org, 269967-done@bugs.debian.org,
	270083-done@bugs.debian.org, 273585-done@bugs.debian.org,
	275781-done@bugs.debian.org, 277741-done@bugs.debian.org,
	277751-done@bugs.debian.org, 278051-done@bugs.debian.org,
	282160-done@bugs.debian.org, 282443-done@bugs.debian.org,
	282580-done@bugs.debian.org, 284338-done@bugs.debian.org,
	286522-done@bugs.debian.org, 288879-done@bugs.debian.org,
	289837-done@bugs.debian.org, 291703-done@bugs.debian.org,
	292353-done@bugs.debian.org, 293911-done@bugs.debian.org,
	294330-done@bugs.debian.org, 295543-done@bugs.debian.org
Subject: Acknowledging NMUs
Message-ID: <20050323173914.GE13294@mykerinos.kheops.frmug.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-message-flag: Outlook is a good virus spreading tool. It can send mail, too.
X-pot_a_miel: honeypot@kheops.frmug.org
User-Agent: Mutt/1.5.6+20040907i
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at kheops.frmug.org
Delivered-To: 283961-done@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no 
	version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Given that the shadow package maintenance team has now taken over this
package, we can know acknowledge all non-maintainer uploads which were
made during the interim period.

So, hoping I made no typo, I hereby close all these bugs
definitely. Thanks a lot to all bug reporters.



--