Bugtraq mailing list archives
Re: RH 6.0 shadow passwords and locking users bug
From: princectrl () ROCKETMAIL COM (Prince Ctrl)
Date: Thu, 9 Sep 1999 06:37:03 -0700
I'd would like to note that the fix I posted last week was intended for our group only...it was a quick fix and I probably should have never posted it on the list. I would think that it would still fix the problem, as we don't have anything "special" or "modified" relative to the passwd package... I was informed that Red Hat is presently working on a PGP-signed modification to the passwd package... === PrinceC Security Administrator/Consultant princectrl () rocketmail com ---Walter Klomp <walter () SWIFTECH NET SG> wrote:
Hi, I solved this problem by downloading the source of the latest shadow-password package, and just recompile and make install... It's indeed an error in the .rpm of RedHat 6.0... Hope this helps Regards Walter-----Original Message----- From: Bugtraq List [mailto:BUGTRAQ () SECURITYFOCUS COM]On Behalf Of
Shuman
Sent: Thursday, September 02, 1999 7:24 AM To: BUGTRAQ () SECURITYFOCUS COM Subject: Re: RH 6.0 shadow passwords and locking users bug On Mon, 30 Aug 1999, Prince Ctrl wrote: [ When administering a Red Hat 6.0 server and locking users with the [ 'passwd -l <user>' command, and then unlocking a user with the
'passwd
[ -u <user>' command, a control character is added to the end of a [ users' encrypted password in the form of a "^Q" in the shadowed
passwd
[ file. The "usermod" program, a part of shadow-utils that comes with
RedHat 6.0
has a similar feature and does NOT has this "^Q" problem when
unlocking.
To lock an account: usermod -L username To unlock an account: usermod -U username [ OS affected/tested: Red Hat 6.0 Too bad, I just upgraded the last RH 5.2 box to 6.0 today! --- M S Anam <shuman () annexgrp org> Annex Group, Bangladesh We hack to learn! Those who can't write, write manuals.
_________________________________________________________ DO YOU YAHOO!? Get your free @yahoo.com address at http://mail.yahoo.com
Current thread:
- RH 6.0 shadow passwords and locking users bug Prince Ctrl (Aug 30)
- Re: RH 6.0 shadow passwords and locking users bug Shuman (Sep 01)
- Re: RH 6.0 shadow passwords and locking users bug Walter Klomp (Sep 04)
- SECURITY: RHSA-1999:033 Buffer overflow problem in the inews program Cristian Gafton (Sep 01)
- Re: RH 6.0 shadow passwords and locking users bug bandregg () REDHAT COM (Sep 02)
- <Possible follow-ups>
- Re: RH 6.0 shadow passwords and locking users bug Alex Alvarez (Sep 06)
- Re: RH 6.0 shadow passwords and locking users bug Prince Ctrl (Sep 09)
- Re: RH 6.0 shadow passwords and locking users bug Shuman (Sep 01)