I belatedly realize that the Debian etch fix still allows for a DoS attack; I am not sure if the Debian sid fix, or the Ubuntu one, are any better. I do not yet know whether the DoS attack can succeed without group utmp access, please see http://bugs.debian.org/505071 http://bugs.debian.org/505271 for details.
Cheers, Paul Szabo p...@maths.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia -- /bin/login gives root to group utmp https://bugs.launchpad.net/bugs/306082 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
