Re: IRIX 6.2 passwordless accounts exploit?

From: Eugene Bradley (eugene.bradleyat_private)
Date: Mon Sep 28 1998 - 21:20:44 PDT

Next message: John Caldwell: "mountd- more info (sorry)"

Previous message: morex .-: "Re: mountd remote exploit?"
Maybe in reply to: Dan Stromberg: "IRIX 6.2 passwordless accounts exploit?"
Next in thread: Charl Botha: "Re: IRIX 6.2 passwordless accounts exploit?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 28 Sep 98, @ 16:14, D.A. Harris <rodmurat_private> wrote:

> Actually, something that I think is a bug in IRIX, something that hasn't
> been fixed in 6.5, is the behavior of login when you specify that root can
> only login into /dev/console (this can be set in /etc/default/login).
> Instead of immediately denying someone access when they try to telnet or
> rlogin as root to a box, it lets you still attempt the password, and only
> denies you access when you get the password correct.  So a hacker would
> know that they have the right root password, so all he has to do is hack a
> user account, probably not too difficult.  What login should do is once
> root gets entered at the login prompt, it should give an error and
> disconnect, that why no potential hint to the root password would be
> given.

This login bug also exists on every version of Solaris that I've
worked with, from 2.3 all the way to 2.6 HW 5/98 -- all with the
relevant login patches installed.  My bosses at this job and at my
previous one have contacted Sun about this problem for nearly three
years but with no results.

At this point I don't know if this login bug exists in Solaris 2.7,
which if my sources are correct, is due out next month.  I am not in
the Solaris 2.7 beta program so I couldn't test this for sure.
Anyway it'll be just one more thing on my long list of "did Sun
really fix this bug in Solaris 2.7 like they claimed they would do in
previous Solaris releases?" things I'll be checking for when I get my
Solaris 2.7 CDs.

<rant>
You would think that with Sun's size, resources, and market share in
terms of UNIX workstations, servers, and OS, that they would learn
from the security vulnerabilities found in other operating systems
and release stable and secure software instead of making SAs patch
the thing every other week...
</rant>
--
Eugene Bradley -- Just Another Random UNIX administrator
eugene.bradleyat_private | I don't work for Erol's -- they're just my ISP
to me. Get my PGP key by replying with "GET KEY" in the Subject: line.
homepage is @ http://www.geocities.com/SiliconValley/Haven/9323/

Next message: John Caldwell: "mountd- more info (sorry)"
Previous message: morex .-: "Re: mountd remote exploit?"
Maybe in reply to: Dan Stromberg: "IRIX 6.2 passwordless accounts exploit?"
Next in thread: Charl Botha: "Re: IRIX 6.2 passwordless accounts exploit?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:18:04 PDT