Re: RH 6.0 shadow passwords and locking users bug

From: Prince Ctrl (princectrlat_private)
Date: Thu Sep 09 1999 - 06:37:03 PDT

Next message: Lisa Napier: "Re: Cisco and Nmap Dos"

Previous message: has last: "9/9/99 and WiN95 Problems"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I'd would like to note that the fix I posted last week was intended
for our group only...it was a quick fix and I probably should have
never posted it on the list. I would think that it would still fix the
problem, as we don't have anything "special" or "modified" relative to
the passwd package...

I was informed that Red Hat is presently working on a PGP-signed
modification to the passwd package...


===
PrinceC
Security Administrator/Consultant
princectrlat_private






---Walter Klomp <walterat_private> wrote:
>
> Hi,
>
> I solved this problem by downloading the source of the latest
> shadow-password package, and just recompile and make install...
>
> It's indeed an error in the .rpm of RedHat 6.0...
>
> Hope this helps
> Regards
> Walter
>
> > -----Original Message-----
> > From: Bugtraq List [mailto:BUGTRAQat_private]On Behalf Of
Shuman
> > Sent: Thursday, September 02, 1999 7:24 AM
> > To: BUGTRAQat_private
> > Subject: Re: RH 6.0 shadow passwords and locking users bug
> >
> >
> > On Mon, 30 Aug 1999, Prince Ctrl wrote:
> > [ When administering a Red Hat 6.0 server and locking users with the
> > [ 'passwd -l <user>' command, and then unlocking a user with the
'passwd
> > [ -u <user>' command, a control character is added to the end of a
> > [ users' encrypted password in the form of a "^Q" in the shadowed
passwd
> > [ file.
> >
> > The "usermod" program, a part of shadow-utils that comes with
RedHat 6.0
> > has a similar feature and does NOT has this "^Q" problem when
unlocking.
> >
> > To lock an account:
> > usermod -L username
> >
> > To unlock an account:
> > usermod -U username
> >
> > [ OS affected/tested: Red Hat 6.0
> >
> > Too bad, I just upgraded the last RH 5.2 box to 6.0 today!
> >
> > ---
> > M S Anam                                       <shumanat_private>
> >
> > Annex Group, Bangladesh                            We hack to learn!
> >
> > Those who can't write, write manuals.
> >
>

_________________________________________________________
DO YOU YAHOO!?
Get your free @yahoo.com address at http://mail.yahoo.com

Next message: Lisa Napier: "Re: Cisco and Nmap Dos"
Previous message: has last: "9/9/99 and WiN95 Problems"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:02:48 PDT