[13654] in bugtraq
Re: RedHat 6.1 /and others/ PAM
daemon@ATHENA.MIT.EDU (Markus Dobel)
Wed Feb 2 13:11:51 2000
Message-Id: <389732E7.BD60F7C3@rkus.dobel.de>
Date: Tue, 1 Feb 2000 20:24:23 +0100
Reply-To: Markus Dobel <m@RKUS.DOBEL.DE>
From: Markus Dobel <m@RKUS.DOBEL.DE>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Simple Nomad wrote:
>
> Trying to "echo PASSWORD | su ACCOUNT" will elicit a response of
> "standard in must be a tty..." therefore the sploit would stop on the
> first word in the list as if it was the correct password. Therefore I fail
> to see the exact sploit here. I tried this on a stock RH 6.1 machine.

this happens on a redhat 5.2:

    [markus@balu markus]$ echo wrongpass | su -
    Password: su: incorrect password
    [markus@balu markus]$ echo rootpass | su -
    Password: stdin: is not a tty

so there is a noticeable difference between the right password and the
wrong ones.

this is what redhat 6.1 tells me:

    [md@serv md]$ echo wrongpass | su -
    standard in must be a tty
    [md@serv md]$ echo rightpass | su -
    standard in must be a tty

seems like they fixed it.

regards, markus
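
Added example, not part of the original message and not taken from su's source: a small C model of the two response patterns in the transcripts above. It shows why refusing non-tty input before the candidate password is evaluated makes right and wrong guesses indistinguishable. The function names, the constructed password and the assumption that the difference comes down to check ordering are all hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Constructed stand-in for the real credential check; not su's code. */
static int password_ok(const char *candidate) {
    return strcmp(candidate, "constructed-secret") == 0;
}

/* Late tty complaint: the candidate is evaluated first, so the reply
 * depends on whether it was correct (the pattern in the 5.2 transcript). */
const char *respond_late_tty_check(int fd, const char *candidate) {
    if (!password_ok(candidate))
        return "su: incorrect password";
    if (!isatty(fd))
        return "stdin: is not a tty";
    return "ok";
}

/* Early tty check: piped input is refused before the candidate is looked
 * at, so every guess gets the same reply (the 6.1 transcript). */
const char *respond_early_tty_check(int fd, const char *candidate) {
    if (!isatty(fd))
        return "standard in must be a tty";
    return password_ok(candidate) ? "ok" : "su: incorrect password";
}

int main(void) {
    int p[2];
    const char *tries[] = { "wrongpass", "constructed-secret" };

    /* A pipe read end stands in for "echo PASSWORD | su": never a tty. */
    if (pipe(p) != 0)
        return 1;
    for (int i = 0; i < 2; i++)
        printf("%-20s late: %-24s early: %s\n", tries[i],
               respond_late_tty_check(p[0], tries[i]),
               respond_early_tty_check(p[0], tries[i]));
    close(p[0]);
    close(p[1]);
    return 0;
}
```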