From owner-freebsd-security Wed Oct 4 10:22: 6 2000 Delivered-To: freebsd-security@freebsd.org Received: from digitalinet.com (digitalinet.com [216.65.124.130]) by hub.freebsd.org (Postfix) with SMTP id 5E15D37B66D for ; Wed, 4 Oct 2000 10:22:04 -0700 (PDT) Received: (qmail 21943 invoked from network); 4 Oct 2000 17:21:59 -0000 Received: from unknown (HELO dns) (24.26.71.114) by digitalinet.com with SMTP; 4 Oct 2000 17:21:59 -0000 Message-ID: <008001c02e26$c20c6100$03030303@dns> From: "John" To: "Mike Tancsa" , "Warner Losh" Cc: References: <4.2.2.20001004011210.035225e0@mail.sentex.net> <200010041719.LAA37604@harmony.village.org> Subject: Re: Fwd: BSD chpass Date: Wed, 4 Oct 2000 13:15:55 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org chmod a-s /usr/bin/chpass or chmod 700 /usr/bin/chpass Solution or not ? I believe that will work out just fine. ----- Original Message ----- From: "Warner Losh" To: "Mike Tancsa" Cc: Sent: Wednesday, October 04, 2000 1:19 PM Subject: Re: Fwd: BSD chpass > In message <4.2.2.20001004011210.035225e0@mail.sentex.net> Mike Tancsa writes: > : OK, here is a nasty bugtraq posting :-( > > There will be an advisory about this, but the short answer is: > o 1.x is NOT vulnerable > o 2.x, and 3.x through 3.5.1-RELEASE and 4.0-RELEASE are vulnerable > o 4.1-RELEASE and 4.1.1-RELEASE are NOT vulnerable > o 2.1.x-stable, 2.2.8-stable and 3.5.1-stable have been fixed as > of 8 hours ago. > > Warner > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message