Trying to "echo PASSWORD | su ACCOUNT" will elicit a response of
"standard in must be a tty..." therefore the sploit would stop on the
first word in the list as if it was the correct password. Therefore I fail
to see the exact sploit here. I tried this on a stock RH 6.1 machine.
- Simple Nomad - No rest for the Wicca'd -
- [EMAIL PROTECTED] - www.nmrc.org -
- [EMAIL PROTECTED] - www.bindview.com -
On Sun, 30 Jan 2000, Michal Zalewski wrote:
> A vulnerability /feature?;)/ in PAM shipped with RedHat 6.1 allows
> attacker to perform rapid brute-force password cracking attack without any
> evidence in system logs.
>
> Exploit attached.
>
> Fix: do syslog() stuff before sleep() or change /bin/su behaviour in some
> other way.
>
> _______________________________________________________
> Michal Zalewski * [[EMAIL PROTECTED]] <=> [AGS WAN SYSADM]
> [dione.ids.pl SYSADM] <-> [http://lcamtuf.na.export.pl]
> [+48 22 813 25 86] [+48 603 110 160] bash$ :(){ :|:&};:
> =-----=> God is real, unless declared integer. <=-----=
>
