Bugtraq mailing list archives
Re: RedHat 6.1 /and others/ PAM
From: thegnome () NMRC ORG (Simple Nomad)
Date: Mon, 31 Jan 2000 15:14:10 -0600
Trying to "echo PASSWORD | su ACCOUNT" will elicit a response of "standard in must be a tty..." therefore the sploit would stop on the first word in the list as if it was the correct password. Therefore I fail to see the exact sploit here. I tried this on a stock RH 6.1 machine. - Simple Nomad - No rest for the Wicca'd - - thegnome () nmrc org - www.nmrc.org - - thegnome () razor bindview com - www.bindview.com - On Sun, 30 Jan 2000, Michal Zalewski wrote:
A vulnerability /feature?;)/ in PAM shipped with RedHat 6.1 allows attacker to perform rapid brute-force password cracking attack without any evidence in system logs. Exploit attached. Fix: do syslog() stuff before sleep() or change /bin/su behaviour in some other way. _______________________________________________________ Michal Zalewski * [lcamtuf () ags pl] <=> [AGS WAN SYSADM] [dione.ids.pl SYSADM] <-> [http://lcamtuf.na.export.pl] [+48 22 813 25 86] [+48 603 110 160] bash$ :(){ :|:&};: =-----=> God is real, unless declared integer. <=-----=
Current thread:
- Re: RedHat 6.1 /and others/ PAM Simple Nomad (Jan 31)
- Re: RedHat 6.1 /and others/ PAM Markus Dobel (Feb 01)
- Re: RedHat 6.1 /and others/ PAM Keith Warno (Feb 02)
- Re: RedHat 6.1 /and others/ PAM Ian Turner (Feb 01)
- <Possible follow-ups>
- Re: RedHat 6.1 /and others/ PAM Crashkiller (Feb 01)
- Re: RedHat 6.1 /and others/ PAM Simple Nomad (Feb 01)
- Re: RedHat 6.1 /and others/ PAM Markus Dobel (Feb 01)