Bugtraq mailing list archives

Re: vlock vulnerability in RedHat 7.0

From: "Vladislav V. Mikhailov" <solar () LINKEXPERT NET>
Date: Wed, 8 Nov 2000 12:04:22 +0300

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

That does not work on RH6.x. with vlock version 1.3

Best regards,
Vladislav V. Mikhailov

I've tried to lock all virtual consoles
in RedHat 7.0 using vlock, which
is delivered with this release of RedHat.

If user root locks all consoles - it's no problem,
but if normal user locks consoles then
anybody can unlock without typing a password.

Try to use it in the following way:

1. logon as an ordinary user on tty1
2. logon as root on tty2
3. Type on tty1 vlock -a
4. All consoles will be locked.
5. When vlock asks for password
press ENTER and don't release the key
until you see message 'broken pipe'.
6. If you see it all two consoles are unlocked.

Regards,

Bartlomiej Grzybicki ############################
MORLINY SA http://www.morliny.pl
bgrzybicki () morliny pl http://www.bgrzybicki.morliny.pl
mobile: +48 601 279 976 ########################


-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBOgjs5lqnq79lp5QUEQINcQCffQ2cmn+dYtY7e1r5mcuDjrYo8F4AnAm6
V55QUGvBRkq3Qr14RXoIPT77
=SUif
-----END PGP SIGNATURE-----

Current thread:

vlock vulnerability in RedHat 7.0 Bartlomiej Grzybicki (Nov 08)
- Re: vlock vulnerability in RedHat 7.0 Trond Eivind Glomsrød (Nov 09)
- Re: vlock vulnerability (solution: w00w00's CAP) Matt Conover (Nov 09)
- Re: vlock vulnerability in RedHat 7.0 Jon Lewis (Nov 09)
  - Re: vlock vulnerability in RedHat 7.0 Luca Berra (Nov 09)
- <Possible follow-ups>
- Re: vlock vulnerability in RedHat 7.0 Vladislav V. Mikhailov (Nov 09)