Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: RedHat 6.1 /and others/ PAM
From: vectro () PIPELINE COM (Ian Turner)
Date: Tue, 1 Feb 2000 11:52:04 -0800


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 31 Jan 2000, Simple Nomad wrote:

Trying to "echo PASSWORD | su ACCOUNT" will elicit a response of
"standard in must be a tty..." therefore the sploit would stop on the
first word in the list as if it was the correct password. Therefore I fail
to see the exact sploit here. I tried this on a stock RH 6.1 machine.

-         Simple Nomad          -  No rest for the Wicca'd  -
-      thegnome () nmrc org        -        www.nmrc.org       -
-  thegnome () razor bindview com  -      www.bindview.com     -

You could create a more complicated exploit using ptty's. Basically su
checks if standard input is a tty because they don't want you using 'su'
in shell scripts. But you can still do it, it's just not as easy.

I'd contribute example code but I just woke up. :b

Ian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE4lzlmfn9ub9ZE1xoRAvR4AKChxizjFxxUXwfzYWLSi0dU5TbPQwCfdkv6
VdKx0CkPQlnicXgsJDC+B3M=
=QjkA
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault