Re: vulnerability in su/PAM in redhat

From: Javi Polo (javipoloat_private)
Date: Fri Jun 11 1999 - 05:38:02 PDT


    On Wed, 9 Jun 1999, Tani Hosokawa wrote:
    
    > with redhat has a slight hole. When you try to su to root (for example) if
    > it's successful, immediately gives you a shell prompt.  Otherwise, it
    > delays a full second, then logs an authentication failure to syslog.  If
    > you hit break in that second, no error, plus you know that the password
    > was bad, so you can brute force root's password.  I wrote a little
    
    Checked ....
    Confirmed for su that comes with
    sh-utils-1.16-14
    and using
    pam-0.64-3
    
    See you later ......            Oh my God! They killed Kenny!!!!!!
    	Javi Polo ;)
    You can find me on Fido at 2:347/13.4    yo también 3000ya.com
    NO TO THE MOTORWAY!!!!!!!!!!! No to the Llevant motorway
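
The quoted report describes a failure path that delays first and logs afterwards, so a break during the delay skips the log entry. As an added example (not code from su, PAM or anyone in this thread), the sketch below reverses that order and blocks the keyboard signals until both steps are done. `report_auth_failure`, the `audit_fn` hook and the demo names are hypothetical, and the hook stands in for a syslog call.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <time.h>

typedef void (*audit_fn)(const char *user);  /* hypothetical logging hook */

/* Failure path: write the audit record first, then delay, with the
 * keyboard signals blocked so "break" cannot skip either step. */
int report_auth_failure(audit_fn audit, const char *user, long delay_ms)
{
    sigset_t block, saved;
    struct timespec left = { .tv_sec = delay_ms / 1000,
                             .tv_nsec = (delay_ms % 1000) * 1000000L };

    sigemptyset(&block);
    sigaddset(&block, SIGINT);
    sigaddset(&block, SIGQUIT);
    sigaddset(&block, SIGTSTP);
    if (sigprocmask(SIG_BLOCK, &block, &saved) != 0)
        return -1;
    audit(user);                                   /* 1. log before any delay */
    while (nanosleep(&left, &left) == -1 && errno == EINTR)
        ;                                          /* 2. finish the full delay */
    return sigprocmask(SIG_SETMASK, &saved, NULL); /* 3. pending signals land here */
}

static volatile sig_atomic_t interrupted;
static int logged, interrupted_at_log;
static void on_sigint(int sig) { (void)sig; interrupted = 1; }

/* Constructed hook: counts the record and simulates break being hit right then. */
static void demo_audit(const char *user)
{
    (void)user;
    logged++;
    raise(SIGINT);                    /* blocked, so it only becomes pending */
    interrupted_at_log = interrupted; /* still 0 if the block held */
}

/* Returns 1 when the record was written before the interrupt was delivered. */
int demo(void)
{
    signal(SIGINT, on_sigint);
    interrupted = 0; logged = 0; interrupted_at_log = -1;
    if (report_auth_failure(demo_audit, "root", 10) != 0)
        return -1;
    return logged == 1 && interrupted_at_log == 0 && interrupted == 1;
}
int main(void) { return demo() == 1 ? 0 : 1; }
```

With the default SIGINT disposition the process still exits once the mask is restored, but only after the failure has been recorded and the full delay has elapsed.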
    


