Bugtraq mailing list archives
Little feature/bug in RedHat Linux
From: anttix () cyberix edu ee (Antti Andreimann)
Date: Mon, 2 Dec 1996 06:57:19 +0200
Hi! I have discovered that an interesting "feature" exists in redhat-4.0 Impact: Remote Users can find out what accounts exist in system by using login services (telnet for example). Reason: When login get's unknown username error from PAM library it will die immediately Example: Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. Red Hat Linux release 4.0 (Colgate) Kernel 2.0.24 on an i586 login: bug Password: Login incorrect Connection closed by foreign host. When submitted with a correct username, login will behave normally : Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. Red Hat Linux release 4.0 (Colgate) Kernel 2.0.24 on an i586 login: root Password: Login incorrect login: login: login: login: -- ======================================================================== \||||||||||/ Antti Andreimann \||||||||||||||/ aka. Cyber \|||||||||||||||||\ anttix () cyberix edu ee /||||||||||||||||0\__@ ______ /|||||||||||||||||__/ (______) Redistribution via microsoft \||||||||||||||||/ {} network is prohibited . (c)siil L L L L _||_ ========================================================================
Current thread:
- Vulnrability in test-cgi... Apropos of Nothing (Nov 30)
- denial of service attack on login NuNO (Dec 01)
- Re: Vulnrability in test-cgi... Roger Espel Llima (Dec 01)
- Little feature/bug in RedHat Linux Antti Andreimann (Dec 01)
- Users can modify routing in AIX 4.1 Dave Roberts (Dec 02)
- Re: Users can modify routing in AIX 4.1 Troy Bollinger (Dec 02)
- <Possible follow-ups>
- Re: Vulnrability in test-cgi... Jesus Altuve (Dec 02)
- Re: Vulnrability in test-cgi... Joe Zbiciak (Dec 02)
- /bin/ksh sparc code Kichang Yang (Dec 03)
- AltaVista Firewall for UNIX Sarah Keating (Dec 03)