Spring navigering over

• Om Debian
• Nyheder
• Få fat i Debian
• Support
• Udviklerhjørnet
• Sideoversigt
• Søg

Debians sikkerhedsbulletin

DSA-585-1 shadow -- programmeringsfejl

Rapporteret den:

5. nov 2004

Berørte pakker:

shadow

Sårbar:

Ja

Referencer i sikkerhedsdatabaser:

I Mitres CVE-ordbog: CVE-2004-1001.

Yderligere oplysninger:

En sårbarhed er opdaget i shadow-programpakken der indeholder programmer som chfn og chsh. Det er muligt for en bruger, som er logget ind, men har en udløbet adgangskode, at ændre sine kontooplysninger med chfn eller chsh uden at have ændret adgangskoden. Oprindeligt troede man, at problemet var mere alvorligt.

I den stabile distribution (woody) er dette problem rettet i version 20000902-12woody1.

I den ustabile distribution (sid) er dette problem rettet i version 4.0.3-30.3.

Vi anbefaler at du opgraderer din passwd-pakke (from the shadow suite).

Rettet i:

Debian GNU/Linux 3.0 (woody)

Kildekode:

http://security.debian.org/pool/updates/main/s/shadow/shadow_20000902-12woody1.dsc

http://security.debian.org/pool/updates/main/s/shadow/shadow_20000902-12woody1.diff.gz

http://security.debian.org/pool/updates/main/s/shadow/shadow_20000902.orig.tar.gz

Alpha:

http://security.debian.org/pool/updates/main/s/shadow/login_20000902-12woody1_alpha.deb

http://security.debian.org/pool/updates/main/s/shadow/passwd_20000902-12woody1_alpha.deb

ARM:

http://security.debian.org/pool/updates/main/s/shadow/login_20000902-12woody1_arm.deb

http://security.debian.org/pool/updates/main/s/shadow/passwd_20000902-12woody1_arm.deb

Intel IA-32:

http://security.debian.org/pool/updates/main/s/shadow/login_20000902-12woody1_i386.deb

http://security.debian.org/pool/updates/main/s/shadow/passwd_20000902-12woody1_i386.deb

Intel IA-64:

http://security.debian.org/pool/updates/main/s/shadow/login_20000902-12woody1_ia64.deb

http://security.debian.org/pool/updates/main/s/shadow/passwd_20000902-12woody1_ia64.deb

HPPA:

http://security.debian.org/pool/updates/main/s/shadow/login_20000902-12woody1_hppa.deb

http://security.debian.org/pool/updates/main/s/shadow/passwd_20000902-12woody1_hppa.deb

Motorola 680x0:

http://security.debian.org/pool/updates/main/s/shadow/login_20000902-12woody1_m68k.deb

http://security.debian.org/pool/updates/main/s/shadow/passwd_20000902-12woody1_m68k.deb

Big endian MIPS:

http://security.debian.org/pool/updates/main/s/shadow/login_20000902-12woody1_mips.deb

http://security.debian.org/pool/updates/main/s/shadow/passwd_20000902-12woody1_mips.deb

Little endian MIPS:

http://security.debian.org/pool/updates/main/s/shadow/login_20000902-12woody1_mipsel.deb

http://security.debian.org/pool/updates/main/s/shadow/passwd_20000902-12woody1_mipsel.deb

PowerPC:

http://security.debian.org/pool/updates/main/s/shadow/login_20000902-12woody1_powerpc.deb

http://security.debian.org/pool/updates/main/s/shadow/passwd_20000902-12woody1_powerpc.deb

IBM S/390:

http://security.debian.org/pool/updates/main/s/shadow/login_20000902-12woody1_s390.deb

http://security.debian.org/pool/updates/main/s/shadow/passwd_20000902-12woody1_s390.deb

Sun Sparc:

http://security.debian.org/pool/updates/main/s/shadow/login_20000902-12woody1_sparc.deb

http://security.debian.org/pool/updates/main/s/shadow/passwd_20000902-12woody1_sparc.deb

MD5-kontrolsummer for de listede filer findes i den originale sikkerhedsbulletin.

Denne side findes også på følgende sprog:

Deutsch English español français 日本語 (Nihongo) Português svenska

Sådan opsætter du standardsprogvalg for dokumenter