Re: RedHat 6.1 /and others/ PAM

Crashkiller Wed, 2 Feb 2000 13:36:16 -0800

On Sun, 30 Jan 2000, you wrote:
>
> A vulnerability /feature?;)/ in PAM shipped with RedHat 6.1 allows
> attacker to perform rapid brute-force password cracking attack without any
> evidence in system logs.
>
> Exploit attached.
>
> Fix: do syslog() stuff before sleep() or change /bin/su behaviour in some
> other way.

Not true.It is already fixed in Red Hat 6.1 - pam-0.68-7


--

Save YourSelf And Stay Cool
Crashkiller

+----------------------------------------+
|  WWW  : blue.profex.com.pl/~pawq                                |
|  MAIL : [EMAIL PROTECTED]  [EMAIL PROTECTED]   |
|          [EMAIL PROTECTED]   [EMAIL PROTECTED]           |
|  IRC  : nick crashkiller on #hackingpl #nokia-l                |
|        Polish Linux Userz Group / Plbugz Team                 |
+----------------------------------------+

Re: RedHat 6.1 /and others/ PAM

Reply via email to