Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: RedHat 6.1 /and others/ PAM
From: keith () HAGGLEWARE COM (Keith Warno)
Date: Wed, 2 Feb 2000 15:30:19 -0500


For the curious, on SuSE 6.2 (PAM 0.68):

keith () develop[pts/11]:~/work/dev$ echo ls ~archive | su archive
Password:
Mailbox      backups      linux        public_html  scripts      tmp
keith () develop[pts/11]:~/work/dev$ echo ls ~archive | su archive
Password:
su: incorrect password
keith () develop[pts/11]:~/work/dev$

Always asks for password regardless of pipe.  Anything passed to su via pipe
is used as if it's an arg to -c option.

----- Original Message -----
From: "Markus Dobel" <m () RKUS DOBEL DE>
To: <BUGTRAQ () SECURITYFOCUS COM>
Sent: 01 February 2000, Tuesday 14:24
Subject: Re: RedHat 6.1 /and others/ PAM

| Simple Nomad wrote:
| >
| > Trying to "echo PASSWORD | su ACCOUNT" will elicit a response of
| > "standard in must be a tty..." therefore the sploit would stop on the
| > first word in the list as if it was the correct password. Therefore I
fail
| > to see the exact sploit here. I tried this on a stock RH 6.1 machine.
|
| this happens on a redhat 5.2:
|
| [markus () balu markus]$ echo wrongpass | su -
| Password: su: incorrect password
| [markus () balu markus]$ echo rootpass | su -
| Password: stdin: is not a tty
|
| so there is a noticeable difference between the right password and the
| wrong ones.
|
| this is what redhat 6.1 tells me:
|
| [md () serv md]$ echo wrongpass | su -
| standard in must be a tty
| [md () serv md]$ echo rightpass | su -
| standard in must be a tty
|
| seems like they fixed it.
|
| regards, markus
|


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]