Bugtraq mailing list archives
Re: KDE Screensaver vulnerability
From: hno () HEM PASSAGEN SE (Henrik Nordstrom)
Date: Thu, 19 Nov 1998 01:22:22 +0100
Jason Axley wrote:
> So, it sounds like now malicious users who can't read /etc/shadow in order to grab encoded passwords to crack them can just do brute-force password guessing without any lockout or auditing by simply piping password guesses to the setuid kcheckpass program which will happily check them against the shadow entries for correctness.
If I understand it correctly they can only brute-force their own password... But if kcheckpass can be used to check any user's password then I agree that this is a security risk.
> Or maybe it would give up pieces of /etc/shadow from memory if you could get it to coredump...
Only if you run it on a system which allows coredumps for a suid/sgid program, which I think everyone has agreed is a security risk on its own.

And I also agree that kcheckpass should delay if the password is incorrect. This is to slow down any attempts to manually bruteforce a screen saver or anything else relying on kcheckpass. It won't give any added security to the kcheckpass program, but to every program that uses it.

---
Henrik Nordstrom