Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: RedHat 6.1 /and others/ PAM
From: thegnome () NMRC ORG (Simple Nomad)
Date: Mon, 31 Jan 2000 15:14:10 -0600


Trying to "echo PASSWORD | su ACCOUNT" will elicit a response of
"standard in must be a tty..." therefore the sploit would stop on the
first word in the list as if it was the correct password. Therefore I fail
to see the exact sploit here. I tried this on a stock RH 6.1 machine.

-         Simple Nomad          -  No rest for the Wicca'd  -
-      thegnome () nmrc org        -        www.nmrc.org       -
-  thegnome () razor bindview com  -      www.bindview.com     -

On Sun, 30 Jan 2000, Michal Zalewski wrote:

A vulnerability /feature?;)/ in PAM shipped with RedHat 6.1 allows
attacker to perform rapid brute-force password cracking attack without any
evidence in system logs.

Exploit attached.

Fix: do syslog() stuff before sleep() or change /bin/su behaviour in some
other way.

_______________________________________________________
Michal Zalewski * [lcamtuf () ags pl] <=> [AGS WAN SYSADM]
[dione.ids.pl SYSADM] <-> [http://lcamtuf.na.export.pl]
[+48 22 813 25 86] [+48 603 110 160] bash$ :(){ :|:&};:
=-----=> God is real, unless declared integer. <=-----=



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]