OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: vlock vulnerability in RedHat 7.0
From: Vladislav V. Mikhailov (solarLINKEXPERT.NET)
Date: Wed Nov 08 2000 - 03:04:22 CST

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

That does not work on RH6.x. with vlock version 1.3

Best regards,
Vladislav V. Mikhailov

>I've tried to lock all virtual consoles
>in RedHat 7.0 using vlock, which
>is delivered with this release of RedHat.
>
>If user root locks all consoles - it's no problem,
>but if normal user locks consoles then
>anybody can unlock without typing a password.
>
>Try to use it in the following way:
>
>1. logon as an ordinary user on tty1
>2. logon as root on tty2
>3. Type on tty1 vlock -a
>4. All consoles will be locked.
>5. When vlock asks for password
>press ENTER and don't release the key
>until you see message 'broken pipe'.
>6. If you see it all two consoles are unlocked.
>
>Regards,
>
>Bartlomiej Grzybicki ############################
>MORLINY SA http://www.morliny.pl
>bgrzybickimorliny.pl http://www.bgrzybicki.morliny.pl
>mobile: +48 601 279 976 ########################
>

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBOgjs5lqnq79lp5QUEQINcQCffQ2cmn+dYtY7e1r5mcuDjrYo8F4AnAm6
V55QUGvBRkq3Qr14RXoIPT77
=SUif
-----END PGP SIGNATURE-----