A vulnerability /feature?;)/ in PAM shipped with RedHat 6.1 allows an
attacker to perform a rapid brute-force password cracking attack without any
evidence in the system logs.

Exploit attached.

Fix: do syslog() stuff before sleep() or change /bin/su behaviour in some
other way.

_______________________________________________________
Michal Zalewski * [[EMAIL PROTECTED]] <=> [AGS WAN SYSADM]
[dione.ids.pl SYSADM] <-> [http://lcamtuf.na.export.pl]
[+48 22 813 25 86] [+48 603 110 160] bash$ :(){ :|:&};:
=-----=> God is real, unless declared integer. <=-----=

bruterh.sh
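
The ordering fix proposed in the message above, as an added example in C (not code from the original post, PAM or /bin/su). It assumes the failure record was written only after the delay, as the proposed fix implies; all function names, the hook types, the simulated cut-short delay and the signal blocking around the log write are hypothetical additions for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stddef.h>
#include <syslog.h>
#include <time.h>

/* Hypothetical hooks so both orderings can be exercised without a real su. */
typedef void (*audit_fn)(const char *user);
typedef int (*delay_fn)(unsigned ms);   /* nonzero: process ended during the delay */

int audit_count;                        /* audit records written so far */

void audit_syslog(const char *user) {
    syslog(LOG_AUTH | LOG_NOTICE, "su: authentication failure for %s", user);
    audit_count++;
}

/* Sink that only counts, for checks that should not touch the system log. */
void audit_count_only(const char *user) { (void)user; audit_count++; }

int delay_sleep(unsigned ms) {
    struct timespec ts = { .tv_sec = ms / 1000,
                           .tv_nsec = (long)(ms % 1000) * 1000000L };
    nanosleep(&ts, NULL);               /* may return early on a signal */
    return 0;
}

/* Constructed stand-in for a process that ends while it is sleeping. */
int delay_cut_short(unsigned ms) { (void)ms; return 1; }

/* Assumed original ordering: delay first, audit record afterwards. */
int fail_delay_then_log(const char *user, unsigned ms, audit_fn audit, delay_fn delay) {
    if (delay(ms) != 0)
        return -1;                      /* the record is never written */
    audit(user);
    return 0;
}

/* Proposed ordering: audit record first, then the delay. Blockable signals
 * are held off during the write (an added assumption; SIGKILL and SIGSTOP
 * cannot be blocked). */
int fail_log_then_delay(const char *user, unsigned ms, audit_fn audit, delay_fn delay) {
    sigset_t all, old;
    sigfillset(&all);
    if (sigprocmask(SIG_BLOCK, &all, &old) != 0)
        return -1;
    audit(user);
    sigprocmask(SIG_SETMASK, &old, NULL);
    return delay(ms) != 0 ? -1 : 0;     /* the record exists either way */
}
```

Pass `audit_syslog` and `delay_sleep` for the real log sink and delay; the count-only sink and `delay_cut_short` exist only to compare the two orderings.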
