Bugtraq mailing list archives
Re: denial of service attack on login
From: laura () sobolev rhein de (Bettina Fink)
Date: Tue, 10 Dec 1996 15:21:03 +0100
In article <2.2.32.19961202024506.0098e6a0 () dux isec pt>, NuNO <nuno () dux isec pt> wrote:
The following denial of service attack seems to work on the above systems with the standard login application. joe$ nvi /var/log/wtmp [ Now no-one else can log in ] This is a problem with advisory locking. The fact that anyone can create an exclusive lock on a file they can only read!
The problem with locking of /var/log/wtmp by nvi affects not only "login". This also works on agetty and mingetty even when the "login" bug is fixed. A simple user can lock wtmp by "nvi /var/log/wtmp" without having write permission on it. If you have fixed it for "login", you can still log in your system, but if you try to log _out_, the tty is dead until the lock is removed. The author of mingetty, Florian La Roche, has been informed, he will fix it for mingetty. I'll also send a mail to Nicolai Langfeldt (maintainer of util-linux) to inform him about the agetty problem if he doesn't already know this. -- EMail: laura () caissa franken de PGP public key on demand or finger pgp () caissa franken de
Current thread:
- Re: denial of service attack on login Bettina Fink (Dec 10)