]> git.ipfire.org Git - thirdparty/shadow.git/commit
projects / thirdparty / shadow.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ad0797f) | patch
* NEWS, src/login.c: Fix an "audit log injection" vulnerability in
authornekral-guest <nekral-guest@5a98b0ae-9ef6-0310-add3-de5d479b70d7>
Thu, 26 Jun 2008 20:28:31 +0000 (20:28 +0000)
committernekral-guest <nekral-guest@5a98b0ae-9ef6-0310-add3-de5d479b70d7>
Thu, 26 Jun 2008 20:28:31 +0000 (20:28 +0000)
commit3021f35c3aa58e3a7f18d211e17f86c447cf840a
tree43d44b35b3e109a2f200dbf49ee1e357696e53d4tree | snapshot
parentad0797f129be194c1254fac7b866641965cceae6commit | diff
* NEWS, src/login.c: Fix an "audit log injection" vulnerability in
login. This is similar to CVE-2008-1926 (util-linux-ng's login).
This vulnerability makes it easier for attackers to hide
activities by modifying portions of log events, e.g. by appending
an addr= statement to the login name.
* lib/prototypes.h: Added definition of AUDIT_NO_ID.
ChangeLog diff | blob | blame | history
NEWS diff | blob | blame | history
lib/prototypes.h diff | blob | blame | history
src/login.c diff | blob | blame | history
Mirror of https://github.com/shadow-maint/shadow.git