Debians sikkerhedsbulletin
DSA-585-1 shadow -- programmeringsfejl
- Rapporteret den:
- 5. nov 2004
- Berørte pakker:
- shadow
- Sårbar:
- Ja
- Referencer i sikkerhedsdatabaser:
- I Mitres CVE-ordbog: CVE-2004-1001.
- Yderligere oplysninger:
-
En sårbarhed er opdaget i shadow-programpakken der indeholder programmer som chfn og chsh. Det er muligt for en bruger, som er logget ind, men har en udløbet adgangskode, at ændre sine kontooplysninger med chfn eller chsh uden at have ændret adgangskoden. Oprindeligt troede man, at problemet var mere alvorligt.
I den stabile distribution (woody) er dette problem rettet i version 20000902-12woody1.
I den ustabile distribution (sid) er dette problem rettet i version 4.0.3-30.3.
Vi anbefaler at du opgraderer din passwd-pakke (from the shadow suite).
- Rettet i:
-
Debian GNU/Linux 3.0 (woody)
- Kildekode:
- http://security.debian.org/pool/updates/main/s/shadow/shadow_20000902-12woody1.dsc
- http://security.debian.org/pool/updates/main/s/shadow/shadow_20000902-12woody1.diff.gz
- http://security.debian.org/pool/updates/main/s/shadow/shadow_20000902.orig.tar.gz
- http://security.debian.org/pool/updates/main/s/shadow/shadow_20000902-12woody1.diff.gz
- Alpha:
- http://security.debian.org/pool/updates/main/s/shadow/login_20000902-12woody1_alpha.deb
- http://security.debian.org/pool/updates/main/s/shadow/passwd_20000902-12woody1_alpha.deb
- http://security.debian.org/pool/updates/main/s/shadow/passwd_20000902-12woody1_alpha.deb
- ARM:
- http://security.debian.org/pool/updates/main/s/shadow/login_20000902-12woody1_arm.deb
- http://security.debian.org/pool/updates/main/s/shadow/passwd_20000902-12woody1_arm.deb
- http://security.debian.org/pool/updates/main/s/shadow/passwd_20000902-12woody1_arm.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/s/shadow/login_20000902-12woody1_i386.deb
- http://security.debian.org/pool/updates/main/s/shadow/passwd_20000902-12woody1_i386.deb
- http://security.debian.org/pool/updates/main/s/shadow/passwd_20000902-12woody1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/s/shadow/login_20000902-12woody1_ia64.deb
- http://security.debian.org/pool/updates/main/s/shadow/passwd_20000902-12woody1_ia64.deb
- http://security.debian.org/pool/updates/main/s/shadow/passwd_20000902-12woody1_ia64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/s/shadow/login_20000902-12woody1_hppa.deb
- http://security.debian.org/pool/updates/main/s/shadow/passwd_20000902-12woody1_hppa.deb
- http://security.debian.org/pool/updates/main/s/shadow/passwd_20000902-12woody1_hppa.deb
- Motorola 680x0:
- http://security.debian.org/pool/updates/main/s/shadow/login_20000902-12woody1_m68k.deb
- http://security.debian.org/pool/updates/main/s/shadow/passwd_20000902-12woody1_m68k.deb
- http://security.debian.org/pool/updates/main/s/shadow/passwd_20000902-12woody1_m68k.deb
- Big endian MIPS:
- http://security.debian.org/pool/updates/main/s/shadow/login_20000902-12woody1_mips.deb
- http://security.debian.org/pool/updates/main/s/shadow/passwd_20000902-12woody1_mips.deb
- http://security.debian.org/pool/updates/main/s/shadow/passwd_20000902-12woody1_mips.deb
- Little endian MIPS:
- http://security.debian.org/pool/updates/main/s/shadow/login_20000902-12woody1_mipsel.deb
- http://security.debian.org/pool/updates/main/s/shadow/passwd_20000902-12woody1_mipsel.deb
- http://security.debian.org/pool/updates/main/s/shadow/passwd_20000902-12woody1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/s/shadow/login_20000902-12woody1_powerpc.deb
- http://security.debian.org/pool/updates/main/s/shadow/passwd_20000902-12woody1_powerpc.deb
- http://security.debian.org/pool/updates/main/s/shadow/passwd_20000902-12woody1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/s/shadow/login_20000902-12woody1_s390.deb
- http://security.debian.org/pool/updates/main/s/shadow/passwd_20000902-12woody1_s390.deb
- http://security.debian.org/pool/updates/main/s/shadow/passwd_20000902-12woody1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/s/shadow/login_20000902-12woody1_sparc.deb
- http://security.debian.org/pool/updates/main/s/shadow/passwd_20000902-12woody1_sparc.deb
- http://security.debian.org/pool/updates/main/s/shadow/passwd_20000902-12woody1_sparc.deb
MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.