Package: passwd Version: 1:4.0.14-9 Severity: critical Tags: security Justification: root security hole
Just press ^D instead of the new password and passwd will segfaults. I think that this is grave because it's set uid root. $ passwd Changing password for matteo (current) UNIX password: Enter new UNIX password:^D Retype new UNIX password:^D Segmentation fault [~]$ Cheers, Matteo Croce -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (990, 'testing'), (50, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/dash Kernel: Linux 2.6.16 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages passwd depends on: ii debianutils 2.15.3 Miscellaneous utilities specific t ii libc6 2.3.6-4 GNU C Library: Shared libraries an ii libpam-modules 0.79-3.1 Pluggable Authentication Modules f ii libpam0g 0.79-3.1 Pluggable Authentication Modules l ii libselinux1 1.30-1 SELinux shared libraries ii login 1:4.0.14-9 system login tools passwd recommends no packages. -- debconf information excluded -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
