Re: RedHat 6.1 /and others/ PAM

From: Crashkiller (pawqat_private)
Date: Tue Feb 01 2000 - 04:26:41 PST

    On Sun, 30 Jan 2000, you wrote:
    >
    > A vulnerability /feature?;)/ in PAM shipped with RedHat 6.1 allows
    > attacker to perform rapid brute-force password cracking attack without any
    > evidence in system logs.
    >
    > Exploit attached.
    >
    > Fix: do syslog() stuff before sleep() or change /bin/su behaviour in some
    > other way.
    
    Not true. It is already fixed in Red Hat 6.1 - pam-0.68-7
    
    
    --
    
    Save YourSelf And Stay Cool
    Crashkiller
    
    +----------------------------------------+
    |  WWW  : blue.profex.com.pl/~pawq                                |
    |  MAIL : pawqat_private  crashevat_private   |
    |          crashevat_private   pawqat_private           |
    |  IRC  : nick crashkiller on #hackingpl #nokia-l                |
    |        Polish Linux Userz Group / Plbugz Team                 |
    +----------------------------------------+
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:33:01 PDT