Bugtraq mailing list archives
RedHat 6.1 /and others/ PAM
From: lcamtuf () AGS PL (Michal Zalewski)
Date: Sun, 30 Jan 2000 12:12:16 +0100
A vulnerability /feature?;)/ in PAM shipped with RedHat 6.1 allows an attacker to perform a rapid brute-force password cracking attack without any evidence in system logs. Exploit attached.

Fix: do syslog() stuff before sleep() or change /bin/su behaviour in some other way.

_______________________________________________________
Michal Zalewski * [lcamtuf () ags pl] <=> [AGS WAN SYSADM]
[dione.ids.pl SYSADM] <-> [http://lcamtuf.na.export.pl]
[+48 22 813 25 86] [+48 603 110 160] bash$ :(){ :|:&};:
=-----=> God is real, unless declared integer. <=-----=

[APPLICATION/X-SH attachment: stored]
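The ordering fix suggested in the message above, shown as an added example that is not part of the original post and is not PAM or su source code. It is a toy model in which a pipe stands in for syslog; the names `log_failure`, `on_auth_failure` and `logged_bytes_if_interrupted` are hypothetical, and it assumes the process ends while it is still inside the failure delay.

```c
/* Added illustration, not PAM/su code: log a failed login before the delay. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <signal.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

enum order { DELAY_THEN_LOG, LOG_THEN_DELAY };

/* Hypothetical stand-in for syslog(): write one record to log_fd. */
static void log_failure(int log_fd) {
    static const char rec[] = "authentication failure\n";
    if (write(log_fd, rec, sizeof rec - 1) < 0) _exit(2);
}

/* Failure path of a toy authenticator, in either ordering. */
static void on_auth_failure(int log_fd, enum order o) {
    if (o == LOG_THEN_DELAY) log_failure(log_fd);   /* record first (the fix) */
    sleep(2);                                       /* failure delay */
    if (o == DELAY_THEN_LOG) log_failure(log_fd);   /* record last (at risk) */
}

/* Run the failure path in a child, end the child while it is still in the
 * delay, and return how many bytes of log record reached the log (0 = none). */
long logged_bytes_if_interrupted(enum order o) {
    int p[2];
    char buf[64];
    if (pipe(p) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(p[0]); close(p[1]); return -1; }
    if (pid == 0) {                       /* child: the authenticating process */
        close(p[0]);
        on_auth_failure(p[1], o);
        _exit(1);
    }
    close(p[1]);
    struct timespec pause = { 0, 300L * 1000 * 1000 };   /* 300 ms */
    nanosleep(&pause, NULL);
    kill(pid, SIGKILL);                   /* process ends mid-delay */
    waitpid(pid, NULL, 0);
    long n = (long)read(p[0], buf, sizeof buf);   /* EOF (0) if never logged */
    close(p[0]);
    return n;
}

int main(void) {   /* exit 0 when only the log-first ordering leaves a record */
    return !(logged_bytes_if_interrupted(DELAY_THEN_LOG) == 0 &&
             logged_bytes_if_interrupted(LOG_THEN_DELAY) > 0);
}
```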