Trying to "echo PASSWORD | su ACCOUNT" will elicit a response of
"standard in must be a tty..." therefore the sploit would stop on the
first word in the list as if it was the correct password. Therefore I fail
to see the exact sploit here. I tried this on a stock RH 6.1 machine.
- Simple Nomad - No rest for the Wicca'd -
- thegnome_at_nmrc.org - www.nmrc.org -
- thegnome_at_razor.bindview.com - www.bindview.com -
On Sun, 30 Jan 2000, Michal Zalewski wrote:
> A vulnerability /feature?;)/ in PAM shipped with RedHat 6.1 allows
> attacker to perform rapid brute-force password cracking attack without any
> evidence in system logs.
>
> Exploit attached.
>
> Fix: do syslog() stuff before sleep() or change /bin/su behaviour in some
> other way.
>
> _______________________________________________________
> Michal Zalewski * [lcamtuf_at_ags.pl] <=> [AGS WAN SYSADM]
> [dione.ids.pl SYSADM] <-> [http://lcamtuf.na.export.pl]
> [+48 22 813 25 86] [+48 603 110 160] bash$ :(){ :|:&};:
> =-----=> God is real, unless declared integer. <=-----=
>
Received on Feb 01 2000
Intro
