[Bug 242690] Re: <Ctrl+C> might allow to bypass authentication
Launchpad Bug Tracker
242690 at bugs.launchpad.net
Mon Jun 30 14:03:10 BST 2008
This bug was fixed in the package pam-pgsql - 0.6.3-0ubuntu1.8.04.1
---------------
pam-pgsql (0.6.3-0ubuntu1.8.04.1) hardy-security; urgency=low
* SECURITY UPDATE: local users may bypass authentication and gain
privileges by sending <CTRL-C> at the password prompt.
* pam_pgsql.c: applied Debian patch to fix operator precedence
(Fixes LP: #242690)
* pam_get_service.c: applied Debian patch from 0.6.3-2 to fix FTBFS
* References
CVE-2008-2516
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481970
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=441679
-- Thierry Carrez <thierry.carrez at ubuntu.com> Wed, 25 Jun 2008
21:04:24 +0200
** Changed in: pam-pgsql (Ubuntu Hardy)
Status: Fix Committed => Fix Released
** Changed in: pam-pgsql (Ubuntu Gutsy)
Status: Fix Committed => Fix Released
--
<Ctrl+C> might allow to bypass authentication
https://bugs.launchpad.net/bugs/242690
You received this bug notification because you are a member of Ubuntu
Sponsors for universe, which is a direct subscriber.
More information about the Ubuntu-universe-sponsors
mailing list