[8603] in bugtraq


Re: KDE Screensaver vulnerability

daemon@ATHENA.MIT.EDU (Henrik Nordstrom)
Wed Nov 18 19:53:30 1998

Date: 	Thu, 19 Nov 1998 01:22:22 +0100
Reply-To: hno@HEM.PASSAGEN.SE
From: Henrik Nordstrom <hno@HEM.PASSAGEN.SE>
To: BUGTRAQ@NETSPACE.ORG

Jason Axley wrote:
>
> So, it sounds like now malicious users who can't read /etc/shadow in
> order to grab encoded passwords to crack them can just do brute-force
> password guessing without any lockout or auditing by simply piping
> password guesses to the setuid kcheckpass program which will happily
> check them against the shadow entries for correctness.

If I understand it correctly they can only brute-force their own
password... But if kcheckpass can be used to check any user's password
then I agree that this is a security risk.

> Or maybe it would give up pieces of /etc/shadow from memory if
> you could get it to coredump...

Only if you run it on a system which allows coredumps for a suid/sgid
program, which I think everyone has agreed is a security risk on its
own.

And I also agree that kcheckpass should delay if the password is
incorrect. This is to slow down any attempts to manually brute-force a
screen saver or anything else relying on kcheckpass. It won't give any
added security to the kcheckpass program, but to every program that uses
it.

---
Henrik Nordstrom
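As an added illustration of the three mitigations raised in this thread (the helper vouches only for the caller's own account, delays on every failure path, and leaves an audit record), here is a small Python model. It is not KDE's kcheckpass or any code from the thread: the caller's name is passed in rather than derived from getuid(), the stored hashes are a constructed PBKDF2 table rather than /etc/shadow, and the sleep and audit sink are injectable so the behaviour can be exercised without a real setuid binary.

```python
import hashlib
import hmac
import logging
import time
from typing import Dict, List

log = logging.getLogger("checker-example")

# Constructed sample store: user -> "salthex$pbkdf2hex" (not the /etc/shadow format).
def make_hash(password: str, salt: bytes) -> str:
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt.hex() + "$" + digest.hex()

SAMPLE_DB: Dict[str, str] = {
    "alice": make_hash("correct horse", b"\x01" * 8),
    "bob": make_hash("battery staple", b"\x02" * 8),
}

def verify_hash(stored: str, candidate: str) -> bool:
    salt_hex, digest_hex = stored.split("$", 1)
    got = hashlib.pbkdf2_hmac("sha256", candidate.encode(), bytes.fromhex(salt_hex), 100_000)
    return hmac.compare_digest(got.hex(), digest_hex)  # constant-time compare

class PasswordChecker:
    def __init__(self, caller_user: str, lookup, verify=verify_hash,
                 failure_delay: float = 2.0, sleep=time.sleep):
        self.caller_user = caller_user  # hypothetical: a real helper would use getuid()
        self.lookup = lookup            # returns stored hash or None for unknown users
        self.verify = verify
        self.failure_delay = failure_delay
        self.sleep = sleep              # injectable so tests need not really sleep
        self.audit: List[str] = []      # stands in for syslog in this example

    def _fail(self, reason: str) -> bool:
        self.audit.append(reason)
        log.warning(reason)
        self.sleep(self.failure_delay)  # every failure path pays the same delay
        return False

    def check(self, user: str, candidate: str) -> bool:
        # Policy 1: the helper only vouches for the account that invoked it.
        if user != self.caller_user:
            return self._fail(f"refused: {self.caller_user} asked to check {user}")
        stored = self.lookup(user)
        # Unknown user takes the same path as a wrong password (no user enumeration).
        if stored is None or not self.verify(stored, candidate):
            return self._fail(f"bad password for {user}")
        self.audit.append(f"ok for {user}")
        return True
```

Because the delay lives inside the checker rather than in the screensaver, every program that calls it inherits the slowdown, which is the point Henrik makes above.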
