On Sun, 30 Jan 2000, you wrote: > > A vulnerability /feature?;)/ in PAM shipped with RedHat 6.1 allows > attacker to perform rapid brute-force password cracking attack without any > evidence in system logs. > > Exploit attached. > > Fix: do syslog() stuff before sleep() or change /bin/su behaviour in some > other way. Not true.It is already fixed in Red Hat 6.1 - pam-0.68-7 -- Save YourSelf And Stay Cool Crashkiller +----------------------------------------+ | WWW : blue.profex.com.pl/~pawq | | MAIL : pawqat_private crashevat_private | | crashevat_private pawqat_private | | IRC : nick crashkiller on #hackingpl #nokia-l | | Polish Linux Userz Group / Plbugz Team | +----------------------------------------+
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:33:01 PDT