USN-663-1: system-tools-backends regression

11-05-2008

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

USN-663-1: system-tools-backends regression

Description:
===========================================================Ubuntu Security Notice USN-663-1 November 05, 2008system-tools-backends regressionhttps://launchpad.net/bugs/287134===========================================================A security issue affects the following Ubuntu releases:Ubuntu 8.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 8.10: system-tools-backends 2.6.0-1ubuntu1.1In general, a standard system upgrade is sufficient to effect thenecessary changes.Details follow:It was discovered that passwords changed (or new users created) via the"Users and Groups" tool were created with 3DES hashing. This reduced thesecurity of stored user passwords, and was a regression from the correctMD5 hashing. This update fixes the problem; future password changeswill correct the hashing used. We apologize for the inconvenience.

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

lusermod(1) General Commands Manual lusermod(1) NAME
lusermod - Modify an user SYNOPSIS
lusermod [OPTION]... user DESCRIPTION
Modifies the user with name user. OPTIONS
-c, --gecos=gecos Set user's GECOS field to gecos. The GECOS field is traditionally used to store user's real name and other information. -d, --directory=directory Set user's home directory to directory. -g, --gid=gid Change user's primary group ID to gid. If group with ID gid does not exist, a warning is printed, but the operation is performed anyway. -i, --interactive Ask all questions when connecting to the user database, even if default answers are set up in libuser configuration. -L, --lock Lock user's account. This prevents logging in using user's password. -l, --login=name Rename user to name. -m, --movedirectory After changing user's home directory (using the -d option), move the old home directory to the new location. -P, --plainpassword=password Set user's password to password. Note that the password can be viewed while running lusermod using tools such as ps(1). -p, --password=encrypted Set user's password to the password represented by the hash encrypted. Note that the hash can be viewed while running lusermod using tools such as ps(1). -s, --shell=shell Set user's login shell to shell. -U, --unlock Unlock user's account. -u, --uid=uid Change user's user ID to uid. --commonname=name Set user's common name to name. This attribute is only supported in some backends (e.g.LDAP), and its support may have further lim- itations (e.g. LDAP schema rules). --givenname=name Set user's given name to name. This attribute is only supported in some backends (e.g.LDAP), and its support may have further limi- tations (e.g. LDAP schema rules). --homephone=phone Set user's home telephone number to phone. This attribute is only supported in some backends (e.g.LDAP), and its support may have further limitations (e.g. LDAP schema rules). --roomnumber=room Set user's room number to room. This attribute is only supported in some backends (e.g.LDAP), and its support may have further lim- itations (e.g. LDAP schema rules). --surname=name Set user's surname to name. This attribute is only supported in some backends (e.g.LDAP), and its support may have further limita- tions (e.g. LDAP schema rules). --telephonenumber=phone Set user's telephone number to phone. This attribute is only supported in some backends (e.g.LDAP), and its support may have fur- ther limitations (e.g. LDAP schema rules). EXIT STATUS
The exit status is 0 on success, nonzero on error. libuser 2009-12-11 lusermod(1)

Security Advisories (RSS)

USN-663-1: system-tools-backends regression

LEARN ABOUT CENTOS

lusermod