[16055] in bugtraq
Re: pam question
daemon@ATHENA.MIT.EDU (Andreas Hasenack)
Wed Aug 2 13:12:06 2000
Mail-Followup-To: Andreas Hasenack <andreas@conectiva.com.br>,
Vincent Danen <vdanen@MANDRAKESOFT.COM>,
BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <20000802094457.C8268@conectiva.com.br>
Date: Wed, 2 Aug 2000 09:44:57 -0300
Reply-To: Andreas Hasenack <andreas@CONECTIVA.COM.BR>
From: Andreas Hasenack <andreas@CONECTIVA.COM.BR>
X-To: Vincent Danen <vdanen@MANDRAKESOFT.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20000731195045.C25997@mandrakesoft.com>; from
vdanen@MANDRAKESOFT.COM on Mon, Jul 31, 2000 at 07:50:45PM -0400
On Mon, Jul 31, 2000 at 07:50:45PM -0400, Vincent Danen wrote:
> Hi there. I have a question about the security exploits in pam that
> Conectiva and RedHat announced. Does anyone know what version the
> exploit first appeared in? Specifically, I'm wondering if versions
> 0.66 and 0.68 are afflicted with this exploit.
pam_console is the affected module. As stated in the advisories, if
you:
- log in remotely (X -broadcast) (have gdm, kdm, whatever running
  with XDMCP enabled somewhere)
- after login, start Xnest with -broadcast again, for example
- log in again, now you will be using display :1
- this is treated as a console user, and commands only available
  to console users can be run, such as reboot.
I have tried this from versions 0.66 through 0.72 (unpatched) and
the problem exists in those.
There is a problem with versioning with this package, though.
The fixed version has the exact same version number as the previous
one, not even a patch: it's just repackaged in the tar ball.
Pristine sources?
--
Andreas Hasenack
andreas@conectiva.com.br