Bugtraq mailing list archives

Re: vlock vulnerability in RedHat 7.0

From: Jon Lewis <jlewis () LEWIS ORG>
Date: Wed, 8 Nov 2000 09:53:24 -0500

On Tue, 7 Nov 2000, Bartlomiej Grzybicki wrote:

I've tried to lock all virtual consoles
in RedHat 7.0 using vlock, which
is delivered with this release of RedHat.

If user root locks all consoles - it's no problem,
but if normal user locks consoles then
anybody can unlock without typing a password.


As long as someone is looking at the code for vlock, here's another bug.
When you use vlock to lock a VC, it prompts you for your password to
unlock. i.e.

This TTY is now locked.
Please enter the password to unlock.
jlewis's Password:

If you hit enter, it prompts you for the root password to unlock.

This TTY is now locked.
Please enter the password to unlock.
jlewis's Password: [pressed enter]
root's Password:

Contrary to the prompt and the man page, the root password will not unlock
this VC.  The user's password, entered at either of the (jlewis|root)'s
Password: prompts will unlock the VC.  I've tested this on Red Hat 6.2 and
7.0.

----------------------------------------------------------------------
 Jon Lewis *jlewis () lewis org*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

Current thread:

vlock vulnerability in RedHat 7.0 Bartlomiej Grzybicki (Nov 08)
- Re: vlock vulnerability in RedHat 7.0 Trond Eivind Glomsrød (Nov 09)
- Re: vlock vulnerability (solution: w00w00's CAP) Matt Conover (Nov 09)
- Re: vlock vulnerability in RedHat 7.0 Jon Lewis (Nov 09)
  - Re: vlock vulnerability in RedHat 7.0 Luca Berra (Nov 09)
- <Possible follow-ups>
- Re: vlock vulnerability in RedHat 7.0 Vladislav V. Mikhailov (Nov 09)