Bugtraq mailing list archives
Re: BoS: /etc/default/login LOCKOUT= creates arbitrary files (f
From: ebradley () telesph com (Eugene Bradley)
Date: Tue, 8 Apr 1997 08:30:48 +0000
I just tested this "LOCKOUT" variable hole in /etc/default/login on my Solaris 2.5.1 box (with all relevant recommended & security patches installed) -- no dice.

On 7 Apr 97 at 16:12, Illuminati Primus <vermont () GATE NET> writes:
Several modern unixes provide configuration options for security and logging in a file called /etc/default/login. Irix, and I assume some others but perhaps it's an Irix invention, includes a variable "LOCKOUT" which causes an account with a specified number of incorrect login attempts in a row to be locked (one successful login resets the count). This seems like a really good idea, especially if you set the variable high enough that no one would ever be locked out through mistakes whereas any automated password guessing program (which ran over the net by telnetting in) would be stopped. Since one successful login clears the record, people are not able to accumulate the requisite number of failures over an extended period of time so as to be suddenly surprised one day. It should be good, if not for the following serious security flaw, at least in Irix, checked in both 5.3 and 6.2.
[..deletia...]
ajr <flaps () dgp utoronto ca>
--
Eugene Bradley
System Administrator, Telesphere Corporation--New York, NY
eugene.bradley () telesph com