Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: RedHat 6.1 /and others/ PAM
From: pawq () KKI NET PL (Crashkiller)
Date: Tue, 1 Feb 2000 13:26:41 +0100


On Sun, 30 Jan 2000, you wrote:

A vulnerability /feature?;)/ in PAM shipped with RedHat 6.1 allows
attacker to perform rapid brute-force password cracking attack without any
evidence in system logs.

Exploit attached.

Fix: do syslog() stuff before sleep() or change /bin/su behaviour in some
other way.

Not true.It is already fixed in Red Hat 6.1 - pam-0.68-7


--

Save YourSelf And Stay Cool
Crashkiller

+----------------------------------------+
|  WWW  : blue.profex.com.pl/~pawq                                |
|  MAIL : pawq () blue profex com pl  crashev () sys com pl   |
|          crashev () k9 team com pl   pawq () kki net pl           |
|  IRC  : nick crashkiller on #hackingpl #nokia-l                |
|        Polish Linux Userz Group / Plbugz Team                 |
+----------------------------------------+



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault