Bugtraq mailing list archives
Re: RedHat 6.1 /and others/ PAM
From: m () RKUS DOBEL DE (Markus Dobel)
Date: Tue, 1 Feb 2000 20:24:23 +0100
Simple Nomad wrote:
Trying to "echo PASSWORD | su ACCOUNT" will elicit a response of "standard in must be a tty..." therefore the sploit would stop on the first word in the list as if it was the correct password. Therefore I fail to see the exact sploit here. I tried this on a stock RH 6.1 machine.
this happens on a redhat 5.2: [markus@balu markus]$ echo wrongpass | su - Password: su: incorrect password [markus@balu markus]$ echo rootpass | su - Password: stdin: is not a tty so there is a noticeable difference between the right password and the wrong ones. this is what redhat 6.1 tells me: [md@serv md]$ echo wrongpass | su - standard in must be a tty [md@serv md]$ echo rightpass | su - standard in must be a tty seems like they fixed it. regards, markus
Current thread:
- Re: RedHat 6.1 /and others/ PAM Simple Nomad (Jan 31)
- Re: RedHat 6.1 /and others/ PAM Markus Dobel (Feb 01)
- Re: RedHat 6.1 /and others/ PAM Keith Warno (Feb 02)
- Re: RedHat 6.1 /and others/ PAM Ian Turner (Feb 01)
- <Possible follow-ups>
- Re: RedHat 6.1 /and others/ PAM Crashkiller (Feb 01)
- Re: RedHat 6.1 /and others/ PAM Simple Nomad (Feb 01)
- Re: RedHat 6.1 /and others/ PAM Markus Dobel (Feb 01)