Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 16 Aug 2010 12:05:13 +0100
From: Tim Brown <>
Subject: Minor security flaw with pam_xauth

Here's another bug where privileged code isn't checking the return value from 

I don't think this needs a CVE as I haven't found a useful way to exploit it 
but maybe someone on here will spot something I've missed.  Either way, I 
would have thought it should be fixed.


PS Is it just me or does "I fail to see how RLIMIT_NPROC should have any affect 
on setuid." in the comments a touch disconcerting given that it's from the PAM 
Tim Brown

Download attachment "signature.asc " of type "application/pgp-signature" (837 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.