Bugtraq: Re: RedHat 6.1 /and others/ PAM

From: Crashkiller <pawq_at_KKI.NET.PL>
Date: Tue, 1 Feb 2000 13:26:41 +0100

On Sun, 30 Jan 2000, you wrote:
>
> A vulnerability /feature?;)/ in PAM shipped with RedHat 6.1 allows
> attacker to perform rapid brute-force password cracking attack without any
> evidence in system logs.
>
> Exploit attached.
>
> Fix: do syslog() stuff before sleep() or change /bin/su behaviour in some
> other way.

Not true. It is already fixed in Red Hat 6.1 - pam-0.68-7

--
Save YourSelf And Stay Cool
Crashkiller
+----------------------------------------+
|  WWW  : blue.profex.com.pl/~pawq                                |
|  MAIL : pawq_at_blue.profex.com.pl  crashev_at_sys.com.pl   |
|          crashev_at_k9.team.com.pl   pawq_at_kki.net.pl           |
|  IRC  : nick crashkiller on #hackingpl #nokia-l                |
|        Polish Linux Userz Group / Plbugz Team                 |
+----------------------------------------+
Received on Feb 02 2000