[Pkg-shadow-devel] Bug#360657: passwd SIGSEGV on empty password
dann frazier
dannf at debian.org
Mon Apr 3 21:59:02 UTC 2006
On Mon, Apr 03, 2006 at 10:59:32PM +0200, Matteo Croce wrote:
> Package: passwd
> Version: 1:4.0.14-9
> Severity: critical
> Tags: security
> Justification: root security hole
>
> Just press ^D instead of the new password and passwd will segfaults.
> I think that this is grave because it's set uid root.
fyi, I can easily reproduce in sid, but not on sarge.
--
dann frazier
More information about the Pkg-shadow-devel
mailing list