On Sun, 30 Jan 2000, you wrote:
>
> A vulnerability /feature?;)/ in PAM shipped with RedHat 6.1 allows
> attacker to perform rapid brute-force password cracking attack without any
> evidence in system logs.
>
> Exploit attached.
>
> Fix: do syslog() stuff before sleep() or change /bin/su behaviour in some
> other way.
Not true.It is already fixed in Red Hat 6.1 - pam-0.68-7
--
Save YourSelf And Stay Cool
Crashkiller
+----------------------------------------+
| WWW : blue.profex.com.pl/~pawq |
| MAIL : [EMAIL PROTECTED] [EMAIL PROTECTED] |
| [EMAIL PROTECTED] [EMAIL PROTECTED] |
| IRC : nick crashkiller on #hackingpl #nokia-l |
| Polish Linux Userz Group / Plbugz Team |
+----------------------------------------+