[17556] in bugtraq
Re: vlock vulnerability in RedHat 7.0
daemon@ATHENA.MIT.EDU (Jon Lewis)
Wed Nov 8 14:06:32 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.10.10011080948270.1443-100000@redhat1.mmaero.com>
Date: Wed, 8 Nov 2000 09:53:24 -0500
Reply-To: jlewis@LEWIS.ORG
From: Jon Lewis <jlewis@LEWIS.ORG>
X-To: Bartlomiej Grzybicki <bgrzybicki@morliny.pl>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <001f01c04888$f18d3810$d400000a@bart>
On Tue, 7 Nov 2000, Bartlomiej Grzybicki wrote:
> I've tried to lock all virtual consoles
> in RedHat 7.0 using vlock, which
> is delivered with this release of RedHat.
>
> If user root locks all consoles - it's no problem,
> but if normal user locks consoles then
> anybody can unlock without typing a password.
As long as someone is looking at the code for vlock, here's another bug.
When you use vlock to lock a VC, it prompts you for your password to
unlock. i.e.
This TTY is now locked.
Please enter the password to unlock.
jlewis's Password:
If you hit enter, it prompts you for the root password to unlock.
This TTY is now locked.
Please enter the password to unlock.
jlewis's Password: [pressed enter]
root's Password:
Contrary to the prompt and the man page, the root password will not unlock
this VC. The user's password, entered at either of the (jlewis|root)'s
Password: prompts will unlock the VC. I've tested this on Red Hat 6.2 and
7.0.
----------------------------------------------------------------------
Jon Lewis *jlewis@lewis.org*| I route
System Administrator | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
