Debian Bug report logs - #628843
login: tty hijacking possible in "su" via TIOCSTI ioctl

version graph

Package: src:shadow; Maintainer for src:shadow is Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>;

Reported by: Daniel Ruoso <daniel@ruoso.com>

Date: Wed, 1 Jun 2011 19:27:02 UTC

Severity: important

Tags: confirmed, help, security

Found in versions shadow/1:4.1.4.2+svn3283-1, shadow/1:4.2-3+deb8u1

Fixed in version 1:4.5-1.1

Done: Jakub Wilk <jwilk@jwilk.net>

Bug is archived. No further changes may be made.

Full log

Message #61 received at 628843@bugs.debian.org (full text, mbox, reply):

Received: (at 628843) by bugs.debian.org; 16 Oct 2011 15:59:28 +0000
From cperrier@kheops.frmug.org Sun Oct 16 15:59:28 2011
X-Spam-Checker-Version: SpamAssassin 3.3.1-bugs.debian.org_2005_01_02
	(2010-03-16) on busoni.debian.org
X-Spam-Level: 
X-Spam-Status: No, score=-14.0 required=4.0 tests=BAYES_00,FROMDEVELOPER,
	HAS_BUG_NUMBER,PGPSIGNATURE autolearn=ham
	version=3.3.1-bugs.debian.org_2005_01_02
X-Spam-Bayes: score:0.0000 Tokens: new, 11; hammy, 92; neutral, 30; spammy, 0.
	spammytokens: hammytokens:0.000-+--H*c:pgp-sha256, 0.000-+--H*r:sk:kheops.,
	0.000-+--H*RU:sk:kheops., 0.000-+--HX-Spam-Relays-External:sk:kheops.,
	0.000-+--H*RU:88.169.112.155
Return-path: <cperrier@kheops.frmug.org>
Received: from perrier.eu.org ([88.169.112.155] helo=kheops.perrier.eu.org)
	by busoni.debian.org with esmtp (Exim 4.72)
	(envelope-from <cperrier@kheops.frmug.org>)
	id 1RFT7Y-0000IL-Ju
	for 628843@bugs.debian.org; Sun, 16 Oct 2011 15:59:28 +0000
Received: from localhost (localhost [127.0.0.1])
	by kheops.perrier.eu.org (Postfix) with ESMTP id 76FF51C1F2;
	Sun, 16 Oct 2011 17:59:22 +0200 (CEST)
Received: from kheops.perrier.eu.org ([127.0.0.1])
	by localhost (kheops.kheops.frmug.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id zoGDUCNgKf43; Sun, 16 Oct 2011 17:59:22 +0200 (CEST)
Received: from mykerinos.kheops.frmug.org (localhost [127.0.0.1])
	by kheops.perrier.eu.org (Postfix) with ESMTP id 1754C1C1AD;
	Sun, 16 Oct 2011 17:59:22 +0200 (CEST)
Received: by mykerinos.kheops.frmug.org (Postfix, from userid 7426)
	id 5848DC2425; Sun, 16 Oct 2011 17:20:31 +0200 (CEST)
Date: Sun, 16 Oct 2011 17:20:31 +0200
From: Christian PERRIER <bubulle@debian.org>
To: Arne Wichmann <aw@anhrefn.saar.de>, 628843@bugs.debian.org
Subject: Re: [Pkg-shadow-devel] Bug#628843: Ping
Message-ID: <20111016152031.GT31065@mykerinos.kheops.frmug.org>
References: <20111015211347.GD28670@anhrefn.saar.de>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="iK/wEI4vkfDmI6Zw"
Content-Disposition: inline
In-Reply-To: <20111015211347.GD28670@anhrefn.saar.de>
User-Agent: Mutt/1.5.21 (2010-09-15)

[Message part 1 (text/plain, inline)]
Quoting Arne Wichmann (aw@anhrefn.saar.de):
> This critical bug is now pending for more than 3 months. Is there any
> update on the situation?

Nicolas should actually release upstream 4.1.5 and thenupload
4.1.5-1. Nicolas?



[signature.asc (application/pgp-signature, inline)]

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Nov 6 12:43:58 2024; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.