Bugtraq mailing list archives

Re: RedHat 6.1 /and others/ PAM

From: vectro () PIPELINE COM (Ian Turner)
Date: Tue, 1 Feb 2000 11:52:04 -0800


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 31 Jan 2000, Simple Nomad wrote:

Trying to "echo PASSWORD | su ACCOUNT" will elicit a response of
"standard in must be a tty..." therefore the sploit would stop on the
first word in the list as if it was the correct password. Therefore I fail
to see the exact sploit here. I tried this on a stock RH 6.1 machine.

-         Simple Nomad          -  No rest for the Wicca'd  -
-      thegnome () nmrc org        -        www.nmrc.org       -
-  thegnome () razor bindview com  -      www.bindview.com     -


You could create a more complicated exploit using ptty's. Basically su
checks if standard input is a tty because they don't want you using 'su'
in shell scripts. But you can still do it, it's just not as easy.

I'd contribute example code but I just woke up. :b

Ian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE4lzlmfn9ub9ZE1xoRAvR4AKChxizjFxxUXwfzYWLSi0dU5TbPQwCfdkv6
VdKx0CkPQlnicXgsJDC+B3M=
=QjkA
-----END PGP SIGNATURE-----

Current thread:

Re: RedHat 6.1 /and others/ PAM Simple Nomad (Jan 31)
- Re: RedHat 6.1 /and others/ PAM Markus Dobel (Feb 01)
  - Re: RedHat 6.1 /and others/ PAM Keith Warno (Feb 02)
- Re: RedHat 6.1 /and others/ PAM Ian Turner (Feb 01)
- <Possible follow-ups>
- Re: RedHat 6.1 /and others/ PAM Crashkiller (Feb 01)
- Re: RedHat 6.1 /and others/ PAM Simple Nomad (Feb 01)