[17559] in bugtraq
Re: vlock vulnerability in RedHat 7.0
daemon@ATHENA.MIT.EDU (Vladislav V. Mikhailov)
Wed Nov 8 14:57:39 2000
Message-Id: <004101c04962$e2fe1960$0b01a8c0@solar.linkexpert.net>
Date: Wed, 8 Nov 2000 12:04:22 +0300
Reply-To: "Vladislav V. Mikhailov" <solar@LINKEXPERT.NET>
From: "Vladislav V. Mikhailov" <solar@LINKEXPERT.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
That does not work on RH6.x with vlock version 1.3.
Best regards,
Vladislav V. Mikhailov
>I've tried to lock all virtual consoles
>in RedHat 7.0 using vlock, which
>is delivered with this release of RedHat.
>
>If user root locks all consoles - it's no problem,
>but if normal user locks consoles then
>anybody can unlock without typing a password.
>
>Try to use it in the following way:
>
>1. log on as an ordinary user on tty1
>2. log on as root on tty2
>3. Type on tty1 vlock -a
>4. All consoles will be locked.
>5. When vlock asks for a password
>press ENTER and don't release the key
>until you see the message 'broken pipe'.
>6. If you see it, both consoles are unlocked.
>
>Regards,
>
>Bartlomiej Grzybicki ############################
>MORLINY SA http://www.morliny.pl
>bgrzybicki@morliny.pl http://www.bgrzybicki.morliny.pl
>mobile: +48 601 279 976 ########################
>