Bugtraq mailing list archives
Re: RedHat 6.1 /and others/ PAM
From: vectro () PIPELINE COM (Ian Turner)
Date: Tue, 1 Feb 2000 11:52:04 -0800
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, 31 Jan 2000, Simple Nomad wrote:
Trying to "echo PASSWORD | su ACCOUNT" will elicit a response of "standard in must be a tty..." therefore the sploit would stop on the first word in the list as if it was the correct password. Therefore I fail to see the exact sploit here. I tried this on a stock RH 6.1 machine. - Simple Nomad - No rest for the Wicca'd - - thegnome () nmrc org - www.nmrc.org - - thegnome () razor bindview com - www.bindview.com -
You could create a more complicated exploit using ptty's. Basically su checks if standard input is a tty because they don't want you using 'su' in shell scripts. But you can still do it, it's just not as easy. I'd contribute example code but I just woke up. :b Ian -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.1 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE4lzlmfn9ub9ZE1xoRAvR4AKChxizjFxxUXwfzYWLSi0dU5TbPQwCfdkv6 VdKx0CkPQlnicXgsJDC+B3M= =QjkA -----END PGP SIGNATURE-----
Current thread:
- Re: RedHat 6.1 /and others/ PAM Simple Nomad (Jan 31)
- Re: RedHat 6.1 /and others/ PAM Markus Dobel (Feb 01)
- Re: RedHat 6.1 /and others/ PAM Keith Warno (Feb 02)
- Re: RedHat 6.1 /and others/ PAM Ian Turner (Feb 01)
- <Possible follow-ups>
- Re: RedHat 6.1 /and others/ PAM Crashkiller (Feb 01)
- Re: RedHat 6.1 /and others/ PAM Simple Nomad (Feb 01)
- Re: RedHat 6.1 /and others/ PAM Markus Dobel (Feb 01)