Package: screen Version: 4.0.3-11 Severity: grave Tags: security Justification: user security hole
Hello, Screen has started accepting any password at all at the locked screen prompt on my testing box. I do not know when exactly this behavior started; I just noticed it today. A different box running etch works as expected, i.e. only unlocking when the user's system password is entered. I have tested this with multiple users on the lenny box. Searching the Debian screen bug reports and the screen-users mailing list turns up nothing. The only thing I can guess right now is that it might have something to do with new pam packages in testing. User error is always a possibility, too. ;-) Thank you, Troy Davis -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.25-2-686 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages screen depends on: ii libc6 2.7-13 GNU C Library: Shared libraries ii libncursesw5 5.6+20080713-1 shared libraries for terminal hand ii libpam0g 1.0.1-2 Pluggable Authentication Modules l screen recommends no packages. screen suggests no packages. -- debconf information: screen/old_upgrade_prompt: false -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
