andreasCONECTIVA.COM.BR

• Next message: suidSUID.KG: "Local root compromise in PGX Config Sun Sparc Solaris"
• Previous message: LSD: "[LSD] some unpublished LSD exploit codes"
• In reply to: Vincent Danen: "pam question"
• Next in thread: Wichert Akkerman: "Re: pam question"
• Reply: Andreas Hasenack: "Re: pam question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Em Mon, Jul 31, 2000 at 07:50:45PM -0400, Vincent Danen escreveu:
> Hi there. I have a question about the security explots in pam that
> Connectiva and RedHat announced. Does anyone know what version the
> exploit first appeared in? Specifically, I'm wondering if versions
> 0.66 and 0.68 are afflicted with this exploit.

pam_console is the affected module. As stated in the advisories, if
you:
- login remotely (X -broadcast) (have gdm, kdm, whatever running
with XDMCP enabled somewhere)
- after login, start Xnest with -broadcast again, for example
- login again, now you will be using display :1
- this is treated as a console user, and commands only available
  to console users can be run, such as reboot.

I have tried this from versions 0.66 through 0.72 (unpatched) and
the problem exists in those.

There is a problem with versioning with this package, though.
The fixed version has the exact same version number as the previous
one, not even a patch: it's just repackaged in the tar ball.
Pristine sources?

-- 
Andreas Hasenack
andreasconectiva.com.br

• application/pgp-signature attachment: stored

• Next message: suidSUID.KG: "Local root compromise in PGX Config Sun Sparc Solaris"
• Previous message: LSD: "[LSD] some unpublished LSD exploit codes"
• In reply to: Vincent Danen: "pam question"
• Next in thread: Wichert Akkerman: "Re: pam question"
• Reply: Andreas Hasenack: "Re: pam question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]