Bugtraq mailing list archives
Re: IRIX 6.2 passwordless accounts exploit?
From: khawkins () NCSA UIUC EDU (Kevin Hawkins)
Date: Wed, 30 Sep 1998 11:51:35 -0500
HP-UX exhibits the same behavior. Actually, when I questioned this behavior on comp.sys.hp.hpux a while back (look for the subject "Better remote access denial than securetty?" through DejaNews if you're interested), the only response I got took the approach that it was more of a feature than a bug. But I didn't think the arguments given were a strong enough case against just dropping root login attempts that weren't at the console. So maybe the vendors don't see it as a bug? I certainly do. Kevin At 04:14 PM 9/28/98 -0700, D.A. Harris wrote:
Actually, something that I think is a bug in IRIX, something that hasn't been fixed in 6.5, is the behavior of login when you specify that root can only login into /dev/console (this can be set in /etc/default/login). Instead of immediately denying someone access when they try to telnet or rlogin as root to a box, it lets you still attempt the password, and only denies you access when you get the password correct. So a hacker would know that they have the right root password, so all he has to do is hack a user account, probably not too difficult. What login should do is once root gets entered at the login prompt, it should give an error and
disconnect,
that why no potential hint to the root password would be given. -- Dale Harris <rodmur () csuchico edu> PGP KeyID: E26EC5FD System Administrator ph. (530) 898-4421 Computer Graphics, Instructional Media Center fax. (530) 898-5369 California State University, Chico, California 95929-0005 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-- Kevin Hawkins - NCSA Security email: khawkins () ncsa uiuc edu PGP: http://www.ncsa.uiuc.edu/People/khawkins/pgp.html
Current thread:
- Re: rpc.mountd vulnerabilities, (continued)
- Re: rpc.mountd vulnerabilities Alan Brown (Sep 29)
- IRIX Mail(1)/mailx(1) Security Issues SGI Security Coordinator (Sep 29)
- IRIX On-Line Customer Registration Vulnerabilities SGI Security Coordinator (Sep 29)
- IRIX mail(1)/rmail(1M)/sendmail(1M) Security Vulnerabilities SGI Security Coordinator (Sep 29)
- Re: rpc.mountd vulnerabilities Olaf Kirch (Sep 30)
- ISS Security Advisory: Snork X-Force (Sep 29)
- Re: mountd- more info (sorry) John Caldwell (Sep 29)
- Re: mountd- more info (sorry) Anthony C. Zboralski (Sep 30)
- more rpc.mountd jason valentine (Sep 30)
- Netscape Cache Exploit - source code Ken Williams (Sep 29)
- Re: IRIX 6.2 passwordless accounts exploit? Kevin Hawkins (Sep 30)
- Sun Security Bulletin #00176 joshua grubman (Sep 30)
- Re: IRIX 6.2 passwordless accounts exploit? morex .- (Sep 28)
- mountd remote exploit? John Caldwell (Sep 28)
- Re: mountd remote exploit? morex .- (Sep 28)
- Re: IRIX 6.2 passwordless accounts exploit? Charl Botha (Sep 29)
- Re: IRIX 6.2 passwordless accounts exploit? Renaud Deraison (Sep 29)
- rpc.mountd exploit Hudin Lucian (Sep 29)