Bonsoir, Ci-joint à traduire une page à props d'une vulnérabilité de pam-auth.
Avis aux amateurs ! (qui répondront par RFR) -- Simon Paillard
#use wml::debian::template title="Details on PAM vulnerable configuration" <p>From versions 1.0.1-6 to 1.0.1-9, the pam-auth-update utility included in the <a href="http://packages.debian.org/libpam-runtime";>libpam-runtime</a> package in Debian <em>testing</em> and <em>unstable</em> suffered from a bug whereby systems could be inadvertently configured to allow access with or without a correct password (<a href="http://bugs.debian.org/519927";>#519927</a>). Although the majority of users will not have been affected by this bug, those that are affected should consider their machines to be compromised, particularly if those machines are configured to allow access from the Internet.</p> <p>Beginning with version 1.0.1-10<!-- released on Xth August 2009-->, libpam-runtime no longer permits this incorrect configuration, and on upgrade will detect if your system was affected by this bug.</p> <p>If you were shown a message on upgrade directing you to this webpage, you should assume that your system has been compromised. Unless you are familiar with recovering from security failures, viruses, and malicious software <strong>you should re-install this system from scratch</strong> or obtain the services of a skilled system administrator. The <a href="$(HOME)/doc/manuals/securing-debian-howto/">securing-debian-howto</a> includes <a href="$(HOME)/doc/manuals/securing-debian-howto/ch-after-compromise">information on recovering from a system compromise</a>.</p> <p>The Debian project apologizes that previous versions of libpam-runtime did not detect and prevent this situation.</p>
