thr3ads.net - Secure testing commits - [Secure-testing-commits] r1113

If this information is useful, please help other people find it:
Share via:

Moritz Muehlenhoff

2005-May-20 12:08 UTC

[Secure-testing-commits] r1113 - sarge-checks/CAN

Author: jmm-guest
Date: 2005-05-20 12:08:51 +0000 (Fri, 20 May 2005)
New Revision: 1113

Modified:
   sarge-checks/CAN/list
Log:
flawed open() call in shadow doesn''t affect the version in Sarge.


Modified: sarge-checks/CAN/list
==================================================================---
sarge-checks/CAN/list	2005-05-20 12:04:52 UTC (rev 1112)
+++ sarge-checks/CAN/list	2005-05-20 12:08:51 UTC (rev 1113)
@@ -1404,7 +1404,7 @@
 CAN-2005-1365 (Pico Server (pServ) 3.2 and earlier allows remote attackers to
execute ...)
 	TODO: check
 CAN-2005-XXXX [Insecure mailbox generation in passwd''s useradd
-	- shadow (unfixed; bug #307259)
+	NOTE: Incorrect open() call was introduced after 4.0.3 (the version in Sarge,
fixed in 4.0.8)
 CAN-2005-XXXX [Insecure tempfile generation in shadow''s vipw] 
 	NOTE: Fixed in 4.0.3-33 for sid, Sarge would need an update through t-p-u
 	- shadow 4.0.3-33

Secure testing commits - May 2005 - r1113 - sarge-checks/CAN

[Secure-testing-commits] r1113 - sarge-checks/CAN