[22811] in bugtraq
pam_limits.so Bug!!
daemon@ATHENA.MIT.EDU (Devrim SERAL)
Tue Oct 9 00:59:23 2001
Message-ID: <3BC1AFB9.3FF88F86@gantek.com>
Date: Mon, 08 Oct 2001 16:52:57 +0300
From: Devrim SERAL <devrim.seral@gantek.com>
MIME-Version: 1.0
To: bugtraq@securityfocus.com
Content-Type: text/plain; charset=iso-8859-9
Content-Transfer-Encoding: 7bit
Devrim SERAL wrote:
>
> Hi ,
>
> Today i found some interesting bug when i tried to use pam_limits.so in
> login pam configuration.
>
> Today one of my user warn me that when he log on the our Linux server he
> gain
> my rights. Firstly i think someone break our system. But when i checked
> all logs
> i didn't found any break sign.
>
> Then i think xinetd or in.telnetd have some bug. I checked all updates
> from redhat and
> found that we are on lastest patch level at all packets..
>
> Next i have disable telnetd from xinetd to all Lan and only permit to
> access from my IP number. And check all possibility.
>
> Finally i found that only student groups member gain console or pts/0
> rights..
> And i remember at weekend i have changed /etc/security/limits.conf for
> limit our student
> maxlogin count to two.
>
> Only i added below line to this file:
> @student hard maxlogins 2
>
> And also added below line to pam configuration of login:
> session required pam_limits.so
>
> When i comment pam_limits.so related line the problem solved..
>
> I wonder that if its related only for our server or pam module specific?
>
> devrim
>
> Note: The server run on Redhat 7.1 Kernel 2.4.10 and all packets at
> lastest patch level.
