Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
This website is powered by Openwall GNU/*/Linux security-enhanced OS
[<prev] [next>] [thread-next>] [month] [year] [list] 
Date: Mon, 21 Apr 2008 20:23:20 -0400
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Subject: audit log injection attack via login

Steve Grubb just let us know about an audit log injection flaw in login.
It's already public via a checkin:
http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git;a=commit;h=8ccf0b253ac0f4f58d64bc9674de18bff5a88782

I'm under the impression this should probably get a new CVE id (added Steve
Christey to the CC list for this).

Steve Grubb is also pretty sure there are other things that have this
problem, he's investigating.

Thanks.

-- 
    JB

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux