From owner-freebsd-security Tue Jun 18 13:43:55 2002 Delivered-To: freebsd-security@freebsd.org Received: from spork.pantherdragon.org (spork.pantherdragon.org [206.29.168.146]) by hub.freebsd.org (Postfix) with ESMTP id 442EA37B40B for ; Tue, 18 Jun 2002 13:43:44 -0700 (PDT) Received: from spark.techno.pagans (spark.techno.pagans [4.61.202.145]) by spork.pantherdragon.org (Postfix) with ESMTP id 30879471DA; Tue, 18 Jun 2002 13:43:43 -0700 (PDT) Received: from pantherdragon.org (speck.techno.pagans [172.21.42.2]) by spark.techno.pagans (Postfix) with ESMTP id 220CEFDA0; Tue, 18 Jun 2002 13:43:39 -0700 (PDT) Message-ID: <3D0F9B7B.93FEBB49@pantherdragon.org> Date: Tue, 18 Jun 2002 13:43:39 -0700 From: Darren Pilgrim X-Mailer: Mozilla 4.76 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Alex Michlin Cc: Eric F Crist , freebsd-security@FreeBSD.ORG Subject: Re: Disable Login References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Alex Michlin wrote: > > I remember seeing a FreeBSD advisory on a bug in login. Now, for the > real story... What is behind this is: I just downloaded the latest Saint > version and ran it against a server. It said there login was vunerable. > I'm not sure how it knows if there is a bug or just information (but it is > listed under the critical section). What was the login method? Telnet? SSH? rsh? I just looked at the entire list of FreeBSD advisories going back to 1996 and there aren't any for login (login is a specific program). What was the advisory number? There have been FreeBSD advisories on both telnet and ssh, perhaps that's what you saw? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message