Date: Mon, 30 Oct 2000 17:45:08 -0800
From: Kris Kennaway <kris@FreeBSD.ORG>
To: Dima Dorfman <dima@unixfreak.org>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-00:58.chpass
Message-ID: <20001030174508.A15508@citusc17.usc.edu>
In-Reply-To: <20001030235755.CB3A21F27@static.unixfreak.org>; from dima@unixfreak.org on Mon, Oct 30, 2000 at 03:57:55PM -0800
References: <20001030231153.B618B37B4CF@hub.freebsd.org> <20001030235755.CB3A21F27@static.unixfreak.org>

On Mon, Oct 30, 2000 at 03:57:55PM -0800, Dima Dorfman wrote:
> [ PGP not available, raw data follows ]
> > -----BEGIN PGP SIGNED MESSAGE-----
> >
> > =============================================================================
> > FreeBSD-SA-00:58                                           Security Advisory
> >                                                                 FreeBSD, Inc.
> >
> > Topic:          chpass family contains local root vulnerability
> >
> > Category:       core
> > Module:         chfn/chpass/chsh/ypchfn/ypchpass/ypchsh/passwd
>
> Forgive my ignorance, but I fail to see how 'passwd' is vulnerable.
> Yes, it does link with the affected file (pw_util.c), and calls the
> affected function (pw_error()), but, as far as I can tell, it never
> calls it with any parameters which can be controlled by the user.

Fair enough, I added this at the last minute to be sure without really
checking. Better to have someone upgrade something that isn't actually
a security risk than leave a vulnerable binary lying around.

Kris
