Simple Nomad wrote: > > Trying to "echo PASSWORD | su ACCOUNT" will elicit a response of > "standard in must be a tty..." therefore the sploit would stop on the > first word in the list as if it was the correct password. Therefore I fail > to see the exact sploit here. I tried this on a stock RH 6.1 machine. this happens on a redhat 5.2: [markus@balu markus]$ echo wrongpass | su - Password: su: incorrect password [markus@balu markus]$ echo rootpass | su - Password: stdin: is not a tty so there is a noticeable difference between the right password and the wrong ones. this is what redhat 6.1 tells me: [md@serv md]$ echo wrongpass | su - standard in must be a tty [md@serv md]$ echo rightpass | su - standard in must be a tty seems like they fixed it. regards, markus
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:32:54 PDT