Simple Nomad wrote:
>
> Trying to "echo PASSWORD | su ACCOUNT" will elicit a response of
> "standard in must be a tty..." therefore the sploit would stop on the
> first word in the list as if it was the correct password. Therefore I fail
> to see the exact sploit here. I tried this on a stock RH 6.1 machine.

this happens on a redhat 5.2:

[markus@balu markus]$ echo wrongpass | su -
Password: su: incorrect password
[markus@balu markus]$ echo rootpass | su -
Password: stdin: is not a tty

so there is a noticeable difference between the right password and the
wrong ones.

this is what redhat 6.1 tells me:

[md@serv md]$ echo wrongpass | su -
standard in must be a tty
[md@serv md]$ echo rightpass | su -
standard in must be a tty

seems like they fixed it.

regards, markus
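
Added example, not part of the original post and not Red Hat's su source: a C model of the two check orders that would produce the transcripts above, showing why refusing non-terminal input before judging the password removes the observable difference. The function and enum names are hypothetical, the password is a constructed sample, and strcmp() stands in for the real hash comparison.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

enum su_result { SU_OK, SU_INCORRECT_PASSWORD, SU_NOT_A_TTY };

/* Stand-in for the real crypt()/PAM verification (assumption for this model). */
static int password_matches(const char *given, const char *stored)
{
    return strcmp(given, stored) == 0;
}

/* Order consistent with the 5.2 transcript: the password is judged first, so
 * the tty complaint only ever appears after a correct guess. */
enum su_result su_check_password_first(int in_fd, const char *given,
                                       const char *stored)
{
    if (!password_matches(given, stored))
        return SU_INCORRECT_PASSWORD;
    return isatty(in_fd) ? SU_OK : SU_NOT_A_TTY;
}

/* Order consistent with the 6.1 transcript: non-terminal input is refused
 * before the password is looked at, so every piped guess gets one answer. */
enum su_result su_check_tty_first(int in_fd, const char *given,
                                  const char *stored)
{
    if (!isatty(in_fd))
        return SU_NOT_A_TTY;
    return password_matches(given, stored) ? SU_OK : SU_INCORRECT_PASSWORD;
}

int main(void)
{
    const char *stored = "constructed-sample"; /* constructed sample value */
    int p[2];

    if (pipe(p) != 0)   /* the read end of a pipe is never a tty */
        return 1;
    printf("password first: wrong=%d right=%d\n",
           su_check_password_first(p[0], "wrongpass", stored),
           su_check_password_first(p[0], stored, stored));
    printf("tty first:      wrong=%d right=%d\n",
           su_check_tty_first(p[0], "wrongpass", stored),
           su_check_tty_first(p[0], stored, stored));
    return 0;
}
```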