MNBSD-2010-0: libutil login.conf handling allows bypass of CPU resource restrictions

Severity: Unknown

Affected Package: libutil

Summary: libutil login.conf handling allows bypass of CPU resource restrictions

Description

A vulnerability in libutil allowed some services such as OpenSSH to bypass CPU resource restrictions in 0.3 through the use of a custom login.conf. The issue was fixed on the same day, present in kern.osreldate 3015 or later. No corresponding FreeBSD Security Advisory or CVE could be confidently identified; this appears to be a MidnightBSD-specific fix.

Affected Versions

libutil

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases:

Published: September 02, 2010
Last Modified: September 02, 2010