openssh unix dev - Mar 2002 - [Bug 145] New: sshd fails to increment AIX login failed counter

http://bugzilla.mindrot.org/show_bug.cgi?id=145

           Summary: sshd fails to increment AIX login failed counter
           Product: Portable OpenSSH
           Version: -current
          Platform: Other
        OS/Version: AIX
            Status: NEW
          Severity: security
          Priority: P1
         Component: sshd
        AssignedTo: openssh-unix-dev at mindrot.org
        ReportedBy: mandar at webchat.chatsystems.com


Failed password attempts fail to increment the default AIX loginretries 
counter. This can be used as a password crack exploit on AIX boxes.

Fixes to auth1.c, auth2.c, auth.c -

# diff -rc auth.c.old auth.c    
*** auth.c.old  Mon Mar  4 20:42:43 2002
--- auth.c      Thu Mar  7 14:46:40 2002
***************
*** 231,236 ****
--- 231,242 ----
            get_remote_ipaddr(),
            get_remote_port(),
            info);
+ 
+ #ifdef WITH_AIXAUTHENTICATE
+       if (authenticated == 0 && strcmp(method, "password")
== 0)
+             loginfailed(authctxt->user, get_canonical_hostname
(options.reverse_mapping_check), "ssh");
+ #endif /* WITH_AIXAUTHENTICATE */
+ 
  }
  
  /*


# diff -rc auth1.c.old auth1.c
*** auth1.c.old Thu Feb 14 04:39:50 2002
--- auth1.c     Thu Mar  7 14:42:34 2002
***************
*** 337,347 ****
                        return;
  
                if (authctxt->failures++ > AUTH_FAIL_MAX) {
- #ifdef WITH_AIXAUTHENTICATE
-                       loginfailed(authctxt->user,
-                           get_canonical_hostname
(options.verify_reverse_mapping),
-                           "ssh");
- #endif /* WITH_AIXAUTHENTICATE */
                        packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
                }
  
--- 337,342 ----


# diff -rc auth2.c.old auth2.c
*** auth2.c.old Tue Feb 26 13:09:43 2002
--- auth2.c     Thu Mar  7 14:42:42 2002
***************
*** 262,272 ****
                authctxt->success = 1;
        } else {
                if (authctxt->failures++ > AUTH_FAIL_MAX) {
- #ifdef WITH_AIXAUTHENTICATE
-                       loginfailed(authctxt->user,
-                           get_canonical_hostname
(options.verify_reverse_mapping),
-                           "ssh");
- #endif /* WITH_AIXAUTHENTICATE */
                        packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
                }
                methods = authmethods_get();
--- 262,267 ----



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.