[3722] in bugtraq
Little feature/bug in RedHat Linux
daemon@ATHENA.MIT.EDU (Antti Andreimann)
Mon Dec 2 02:33:34 1996
Date: Mon, 2 Dec 1996 06:57:19 +0200
Reply-To: Antti Andreimann <anttix@cyberix.edu.ee>
From: Antti Andreimann <anttix@cyberix.edu.ee>
X-To: netspace.org!bugtraq@cyberix.edu.ee
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
Hi!
I have discovered that an interesting "feature" exists in redhat-4.0
Impact:
Remote Users can find out what accounts exist in system by using login
services (telnet for example).
Reason:
When login get's unknown username error from PAM library it will die immediately
Example:
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Red Hat Linux release 4.0 (Colgate)
Kernel 2.0.24 on an i586
login: bug
Password:
Login incorrect
Connection closed by foreign host.
When submitted with a correct username, login will behave normally :
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Red Hat Linux release 4.0 (Colgate)
Kernel 2.0.24 on an i586
login: root
Password:
Login incorrect
login:
login:
login:
login:
--
========================================================================
\||||||||||/ Antti Andreimann
\||||||||||||||/ aka. Cyber
\|||||||||||||||||\ anttix@cyberix.edu.ee
/||||||||||||||||0\__@ ______
/|||||||||||||||||__/ (______) Redistribution via microsoft
\||||||||||||||||/ {} network is prohibited .
(c)siil L L L L _||_
========================================================================
