Bugtraq mailing list archives
Re: RedHat 6.1 /and others/ PAM
From: pawq () KKI NET PL (Crashkiller)
Date: Tue, 1 Feb 2000 13:26:41 +0100
On Sun, 30 Jan 2000, you wrote:
> A vulnerability /feature?;)/ in PAM shipped with RedHat 6.1 allows an attacker
> to perform a rapid brute-force password cracking attack without any evidence in
> system logs. Exploit attached. Fix: do syslog() stuff before sleep() or change
> /bin/su behaviour in some other way.
Not true. It is already fixed in Red Hat 6.1 - pam-0.68-7

--
Save YourSelf And Stay Cool
Crashkiller
+----------------------------------------+
| WWW  : blue.profex.com.pl/~pawq |
| MAIL : pawq () blue profex com pl crashev () sys com pl |
| crashev () k9 team com pl pawq () kki net pl |
| IRC  : nick crashkiller on #hackingpl #nokia-l |
| Polish Linux Userz Group / Plbugz Team |
+----------------------------------------+