Full Disclosure mailing list archives
Re[2]: ALERT ALERT plaintext passwords in linux ALERT ALERT
From: Mikhail Iakovlev <misha () cerber no> (Mikhail Iakovlev)
Date: Sun, 15 Sep 2002 19:30:23 +0200
Hello ppan, Sunday, September 15, 2002, 6:22:15 PM, you wrote: This is a bullshit. /proc/kcore is like an "alias" for the memory in your computer. Its size is the same as the amount of RAM you have, and if you read it as a file, the kernel does memory reads. The whole /proc file system is virtual. In short it provides information about your computer configuration. Don't worry, it does not actually occupy your computer's resources, except some memory. And removing this file...hah, I'd love to see how you do it, since file is sort of linked to actual memory. You will get something like "Operation not permitted" or "Access denied" (sorry folks, don't have Linux box in hands right now). Besides, if you cat /etc/shadow, it's content will be written in swap partition/file (depending how you configured your system). Is it a flaw too?:))) Ask yourself, why both of these files have no group or others access? Ever occured to you that this could have made on purpose? Guys, don't take this alarm seriously, is another attempt for hoax and make you do something that you don't want to try or understand. P.S. PPan, you're full of shit :) phc> -----BEGIN PGP SIGNED MESSAGE----- phc> Hash: SHA1 phc> oops, someone edited my mail phc> .-( <-- oneeyed pirate phc> the fix is of course: rm -rf /proc/kcore
Problem: Linux stores your passwords in plaintext See proof of concept exploit below Fix: rm -rf /dev/kmem Demonstration: ---flic--- bash$ ./passcheck.sh secret checkpass v1.5 Proves that kmem leakes your passwords Needs to be run as root By etah^etihw aka peter-pan Checking for password 'secret' Binary file /proc/kcore matches -flac- OMG!!!! it matches!!! Please don't tell anyone my root password because I cant change it because i deleted the passwd program because i thougt that it is vulnerable but I think it was not vulnerable but i cant get it because I have to port undel.exe to lunix first. Here is the 0-DAY exploit! Please do not abuse!!! ---click--- #!/bin/bash # POC exploit # shows kmem is a fscking leaker! echo "checkpass v1.5"; echo "proves that kmem leakes your passwords"; echo "needs to be run as root"; echo "by etah^etihw"; echo " "; echo "checking for password '$1'"; grep $1 /proc/kcore ---clack--- (do not forget to make 'chmod +x passcheck.sh'!!) Greets: zisss (you are the man bro!!) drater (mad resopectz to yu0!!) verb (wuz up? your a.t. owns me ass!!) jchrist (your dad > *) regards Peter Pan
phc> -----BEGIN PGP SIGNATURE----- phc> Version: Hush 2.1 phc> Note: This signature can be verified at https://www.hushtools.com phc> wlkEARECABkFAj2EtAYSHHBwYW5AaHVzaG1haWwuY29tAAoJECqmU44+fV7i+O4AoJ2O phc> iOC5OdOkZEXlmeEV0V8ho+OsAJ94pIMt/I7+BXirHzlwNpheI6kI7w== phc> =ZL7v phc> -----END PGP SIGNATURE----- phc> Get your free encrypted email at https://www.hushmail.com phc> _______________________________________________ phc> Full-Disclosure - We believe in it. phc> Charter: http://lists.netsys.com/full-disclosure-charter.html -- Best regards, Mikhail mailto:misha () cerber no
Current thread:
- ALERT ALERT plaintext passwords in linux ALERT ALERT ppan () hushmail com (Sep 15)
- ALERT ALERT plaintext passwords in linux ALERT ALERT Ka (Sep 15)
- ALERT ALERT plaintext passwords in linux ALERT ALERT John (Sep 16)
- <Possible follow-ups>
- ALERT ALERT plaintext passwords in linux ALERT ALERT ppan () hushmail com (Sep 15)
- Re[2]: ALERT ALERT plaintext passwords in linux ALERT ALERT Mikhail Iakovlev (Sep 15)
- Re[2]: ALERT ALERT plaintext passwords in linux ALERT ALERT martin f krafft (Sep 15)
- ALERT ALERT plaintext passwords in linux ALERT ALERT silvio () big net au (Sep 15)
- ALERT ALERT plaintext passwords in linux ALERT ALERT Michal Zalewski (Sep 15)
- ALERT ALERT plaintext passwords in linux ALERT ALERT silvio () big net au (Sep 15)
- Re[2]: ALERT ALERT plaintext passwords in linux ALERT ALERT Mikhail Iakovlev (Sep 15)
- ALERT ALERT plaintext passwords in linux ALERT ALERT Guy Cohen (Sep 15)
- ALERT ALERT plaintext passwords in linux ALERT ALERT White Vampire (Sep 15)