[Pkg-shadow-devel] Bug#505271: closed ... fixed in shadow 1:4.1.1-6
Thijs Kinkhorst
thijs at debian.org
Mon Jan 26 13:37:52 UTC 2009
On Friday 23 January 2009 04:06, Paul Szabo wrote:
> Belatedly, I realize that this still leaves a DoS attack: fill up utmp
> with entries for all possible PIDs, then login will fail. Maybe that is
> "properly" Bug#505071 (as distinct from this one)? Please see there
> about ideas on how to perform this DoS without access to group utmp.
Although from the description I think it's definately something that's good to
fix, I do not think it's that serious to be a DSA. Still, thanks for your
help in analysing these issues - I hope Nicolas will pick up on this for a
future release of shadow.
cheers,
Thijs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 481 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/attachments/20090126/10ed5bd2/attachment.pgp
More information about the Pkg-shadow-devel
mailing list