[13686] in bugtraq
Re: RedHat 6.1 /and others/ PAM
daemon@ATHENA.MIT.EDU (Keith Warno)
Thu Feb 3 14:21:34 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <001201bf6dbc$526fc880$9e0a010a@muaoinc.net>
Date: Wed, 2 Feb 2000 15:30:19 -0500
Reply-To: Keith Warno <keith@HAGGLEWARE.COM>
From: Keith Warno <keith@HAGGLEWARE.COM>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
For the curious, on SuSE 6.2 (PAM 0.68):
keith@develop[pts/11]:~/work/dev$ echo ls ~archive | su archive
Password:
Mailbox backups linux public_html scripts tmp
keith@develop[pts/11]:~/work/dev$ echo ls ~archive | su archive
Password:
su: incorrect password
keith@develop[pts/11]:~/work/dev$
Always asks for password regardless of pipe. Anything passed to su via pipe
is used as if it's an arg to -c option.
----- Original Message -----
From: "Markus Dobel" <m@RKUS.DOBEL.DE>
To: <BUGTRAQ@SECURITYFOCUS.COM>
Sent: 01 February 2000, Tuesday 14:24
Subject: Re: RedHat 6.1 /and others/ PAM
| Simple Nomad wrote:
| >
| > Trying to "echo PASSWORD | su ACCOUNT" will elicit a response of
| > "standard in must be a tty..." therefore the sploit would stop on the
| > first word in the list as if it was the correct password. Therefore I
fail
| > to see the exact sploit here. I tried this on a stock RH 6.1 machine.
|
| this happens on a redhat 5.2:
|
| [markus@balu markus]$ echo wrongpass | su -
| Password: su: incorrect password
| [markus@balu markus]$ echo rootpass | su -
| Password: stdin: is not a tty
|
| so there is a noticeable difference between the right password and the
| wrong ones.
|
| this is what redhat 6.1 tells me:
|
| [md@serv md]$ echo wrongpass | su -
| standard in must be a tty
| [md@serv md]$ echo rightpass | su -
| standard in must be a tty
|
| seems like they fixed it.
|
| regards, markus
|
