[Pkg-shadow-devel] Bug#505271: closed ... fixed in shadow 1:4.1.1-6

Thijs Kinkhorst thijs at debian.org
Mon Jan 26 13:37:52 UTC 2009

On Friday 23 January 2009 04:06, Paul Szabo wrote:
> Belatedly, I realize that this still leaves a DoS attack: fill up utmp
> with entries for all possible PIDs, then login will fail. Maybe that is
> "properly" Bug#505071 (as distinct from this one)? Please see there
> about ideas on how to perform this DoS without access to group utmp.

Although from the description I think it's definately something that's good to 
fix, I do not think it's that serious to be a DSA. Still, thanks for your 
help in analysing these issues - I hope Nicolas will pick up on this for a 
future release of shadow.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 481 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/attachments/20090126/10ed5bd2/attachment.pgp 

More information about the Pkg-shadow-devel mailing list