Bugtraq mailing list archives
Re: RH 6.0 shadow passwords and locking users bug
From: walter () SWIFTECH NET SG (Walter Klomp)
Date: Sat, 4 Sep 1999 19:32:25 +0800
Hi, I solved this problem by downloading the source of the latest shadow-password package, and just recompile and make install... It's indeed an error in the .rpm of RedHat 6.0... Hope this helps Regards Walter
-----Original Message----- From: Bugtraq List [mailto:BUGTRAQ () SECURITYFOCUS COM]On Behalf Of Shuman Sent: Thursday, September 02, 1999 7:24 AM To: BUGTRAQ () SECURITYFOCUS COM Subject: Re: RH 6.0 shadow passwords and locking users bug On Mon, 30 Aug 1999, Prince Ctrl wrote: [ When administering a Red Hat 6.0 server and locking users with the [ 'passwd -l <user>' command, and then unlocking a user with the 'passwd [ -u <user>' command, a control character is added to the end of a [ users' encrypted password in the form of a "^Q" in the shadowed passwd [ file. The "usermod" program, a part of shadow-utils that comes with RedHat 6.0 has a similar feature and does NOT has this "^Q" problem when unlocking. To lock an account: usermod -L username To unlock an account: usermod -U username [ OS affected/tested: Red Hat 6.0 Too bad, I just upgraded the last RH 5.2 box to 6.0 today! --- M S Anam <shuman () annexgrp org> Annex Group, Bangladesh We hack to learn! Those who can't write, write manuals.
Current thread:
- RH 6.0 shadow passwords and locking users bug Prince Ctrl (Aug 30)
- Re: RH 6.0 shadow passwords and locking users bug Shuman (Sep 01)
- Re: RH 6.0 shadow passwords and locking users bug Walter Klomp (Sep 04)
- SECURITY: RHSA-1999:033 Buffer overflow problem in the inews program Cristian Gafton (Sep 01)
- Re: RH 6.0 shadow passwords and locking users bug bandregg () REDHAT COM (Sep 02)
- <Possible follow-ups>
- Re: RH 6.0 shadow passwords and locking users bug Alex Alvarez (Sep 06)
- Re: RH 6.0 shadow passwords and locking users bug Prince Ctrl (Sep 09)
- Re: RH 6.0 shadow passwords and locking users bug Shuman (Sep 01)