[11834] in bugtraq
Re: RH 6.0 shadow passwords and locking users bug
daemon@ATHENA.MIT.EDU (Prince Ctrl)
Sat Sep 11 00:53:26 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <19990909133703.15185.rocketmail@web1.rocketmail.com>
Date: Thu, 9 Sep 1999 06:37:03 -0700
Reply-To: Prince Ctrl <princectrl@ROCKETMAIL.COM>
From: Prince Ctrl <princectrl@ROCKETMAIL.COM>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
I'd would like to note that the fix I posted last week was intended
for our group only...it was a quick fix and I probably should have
never posted it on the list. I would think that it would still fix the
problem, as we don't have anything "special" or "modified" relative to
the passwd package...
I was informed that Red Hat is presently working on a PGP-signed
modification to the passwd package...
===
PrinceC
Security Administrator/Consultant
princectrl@rocketmail.com
---Walter Klomp <walter@SWIFTECH.NET.SG> wrote:
>
> Hi,
>
> I solved this problem by downloading the source of the latest
> shadow-password package, and just recompile and make install...
>
> It's indeed an error in the .rpm of RedHat 6.0...
>
> Hope this helps
> Regards
> Walter
>
> > -----Original Message-----
> > From: Bugtraq List [mailto:BUGTRAQ@SECURITYFOCUS.COM]On Behalf Of
Shuman
> > Sent: Thursday, September 02, 1999 7:24 AM
> > To: BUGTRAQ@SECURITYFOCUS.COM
> > Subject: Re: RH 6.0 shadow passwords and locking users bug
> >
> >
> > On Mon, 30 Aug 1999, Prince Ctrl wrote:
> > [ When administering a Red Hat 6.0 server and locking users with the
> > [ 'passwd -l <user>' command, and then unlocking a user with the
'passwd
> > [ -u <user>' command, a control character is added to the end of a
> > [ users' encrypted password in the form of a "^Q" in the shadowed
passwd
> > [ file.
> >
> > The "usermod" program, a part of shadow-utils that comes with
RedHat 6.0
> > has a similar feature and does NOT has this "^Q" problem when
unlocking.
> >
> > To lock an account:
> > usermod -L username
> >
> > To unlock an account:
> > usermod -U username
> >
> > [ OS affected/tested: Red Hat 6.0
> >
> > Too bad, I just upgraded the last RH 5.2 box to 6.0 today!
> >
> > ---
> > M S Anam <shuman@annexgrp.org>
> >
> > Annex Group, Bangladesh We hack to learn!
> >
> > Those who can't write, write manuals.
> >
>
_________________________________________________________
DO YOU YAHOO!?
Get your free @yahoo.com address at http://mail.yahoo.com
