Opened 15 years ago
Closed 15 years ago
#2287 closed enhancement (fixed)
Shadow-4.1.2.2
| Reported by: | Matthew Burgess | Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | 7.0 |
| Component: | Book | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description
Typical. This fixes a "race condition" vulnerability in login, which could lead to gaining ownership or changing mode of arbitrary files; and a possible login DOS when an attacker can inject forged entries in utmp.
Probably needs to be targetted for an errata announcement for 6.4, and then promoted to trunk for 7.0.
Note:
See TracTickets
for help on using tickets.
Fixed in r8767.