Linux-Bulgaria.ORG
навигация

 

начало

пощенски списък

архив на групата

семинари ...

документи

как да ...

 

 

Предишно писмо Следващо писмо Предишно по тема Следващо по тема По Дата По тема (thread)

Re: lug-bg: Slackware World-Writable Valid Shell List Vulnerability


  • Subject: Re: lug-bg: Slackware World-Writable Valid Shell List Vulnerability
  • From: firedust@xxxxxxx (Stanislav Lechev)
  • Date: Mon, 25 Jun 2001 15:14:33 +0300



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

to towa e po staro ot sweta
samo deto ne mi e qsno shto go wadqt pak w bugtraq ?!?

w ChangeLog.txt na slack current :

- ----------------------------
Thu Aug 24 16:12:55 PDT 2000
Merged package directories for the A and N series.
a1/bash.tgz, bash1.tgz:  Patched install script to ensure that a
   newly-created /etc/shells will be chmoded 644.
[.....]
- ----------------------------
Thu Aug 24 14:14:00 PDT 2000
(* Branched new Slackware-current from Slackware 7.1 *)

neznam dali zabelqzwash no towa e pyrwoto neshto koeto e naprawil
Patrick Volkerding kato e pochnal current-a

On Sunday 24 June 2001 14:00, Marian Popov wrote:
> A vulnerability exists in Slackware Linux version 7.1.
>
> During the default installation of Slackware Linux, the /etc/shells file
> is
> installed with world-writable permissions. As a result, it may be possible
> for local users to modify this file and effectively cause a denial of
> service to users attempting to use applications which rely on the data
> contained in the file.
> No exploit is required.
> A workaround is to remove the world-writable permissions from
> the /etc/shells file:
>
> # chmod 644 /etc/shells
>
> This issue has been resolved in the base.tgz package in the Slackware-
> current tree as of August 24, 2000.
>
>
> ==-rw-r--r--=============================
> == Pazardjik.com  System Administrator ==
> == GSM: +359 88 975753                 ==
> == e-mail: mano@xxxxxxxxxxxxx          ==
> =========================================
>
>
> ===========================================================================
> A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
> http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora

- -- 
- -===============================================================-
- - Regards,                                            AngelFire -
- -     Stanislav Lechev                    <firedust@xxxxxxx>    -
- -    PGP Key: http://firedust.vega.bg/pgp/StanislavLechev.asc   -
- -  Vega Internet Service Provider (tm)  --  http://www.vega.bg  -
- -===============================================================-
   Everyone is a genius. 
     It's just that some people are too stupid to realize it.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7Nysp8RPXBhiMqewRAu/1AJwKKKuaLQuDiTTtorkoMxf0QZ2WdgCeMqRs
MwrMpH8xmZuBqkhY3JgIMzw=
=/rhl
-----END PGP SIGNATURE-----
===========================================================================
A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora



 

наши приятели

 

линукс за българи
http://linux-bg.org

FSA-BG
http://fsa-bg.org

OpenFest
http://openfest.org

FreeBSD BG
http://bg-freebsd.org

KDE-BG
http://kde.fsa-bg.org/

Gnome-BG
http://gnome.cult.bg/

проект OpenFMI
http://openfmi.net

NetField Forum
http://netField.ludost.net/forum/

 

 

Linux-Bulgaria.ORG

Mailing list messages are © Copyright their authors.