bugzilla-daemon at mindrot.org
2002-Mar-07 19:59 UTC
[Bug 145] New: sshd fails to increment AIX login failed counter
http://bugzilla.mindrot.org/show_bug.cgi?id=145

           Summary: sshd fails to increment AIX login failed counter
           Product: Portable OpenSSH
           Version: -current
          Platform: Other
        OS/Version: AIX
            Status: NEW
          Severity: security
          Priority: P1
         Component: sshd
        AssignedTo: openssh-unix-dev at mindrot.org
        ReportedBy: mandar at webchat.chatsystems.com

Failed password attempts fail to increment the default AIX loginretries counter. This can be used as a password crack exploit on AIX boxes.

Fixes to auth1.c, auth2.c, auth.c -

# diff -rc auth.c.old auth.c *** auth.c.old Mon Mar 4 20:42:43 2002 --- auth.c Thu Mar 7 14:46:40 2002 *************** *** 231,236 **** --- 231,242 ---- get_remote_ipaddr(), get_remote_port(), info); + + #ifdef WITH_AIXAUTHENTICATE + if (authenticated == 0 && strcmp(method, "password") == 0) + loginfailed(authctxt->user, get_canonical_hostname (options.reverse_mapping_check), "ssh"); + #endif /* WITH_AIXAUTHENTICATE */ + } /* # diff -rc auth1.c.old auth1.c *** auth1.c.old Thu Feb 14 04:39:50 2002 --- auth1.c Thu Mar 7 14:42:34 2002 *************** *** 337,347 **** return; if (authctxt->failures++ > AUTH_FAIL_MAX) { - #ifdef WITH_AIXAUTHENTICATE - loginfailed(authctxt->user, - get_canonical_hostname (options.verify_reverse_mapping), - "ssh"); - #endif /* WITH_AIXAUTHENTICATE */ packet_disconnect(AUTH_FAIL_MSG, authctxt->user); } --- 337,342 ---- # diff -rc auth2.c.old auth2.c *** auth2.c.old Tue Feb 26 13:09:43 2002 --- auth2.c Thu Mar 7 14:42:42 2002 *************** *** 262,272 **** authctxt->success = 1; } else { if (authctxt->failures++ > AUTH_FAIL_MAX) { - #ifdef WITH_AIXAUTHENTICATE - loginfailed(authctxt->user, - get_canonical_hostname (options.verify_reverse_mapping), - "ssh"); - #endif /* WITH_AIXAUTHENTICATE */ packet_disconnect(AUTH_FAIL_MSG, authctxt->user); } methods = authmethods_get(); --- 262,267 ----
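
Review bot: the loginfailed() call added in the auth.c hunk reads options.reverse_mapping_check, while the calls removed from auth1.c and auth2.c read options.verify_reverse_mapping. The three files carry different dates, so one of the two names is probably stale; please confirm which field the current tree defines and make the new call use it, since a WITH_AIXAUTHENTICATE build would not compile against a field that no longer exists.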
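
Review bot: in the auth1.c hunk, removing loginfailed() from the `authctxt->failures++ > AUTH_FAIL_MAX` branch makes the AIX counter depend entirely on the new block in auth.c, which only fires when `strcmp(method, "password") == 0`. Please confirm that the protocol 1 path reaches that block for every failed password attempt, including the one that ends in packet_disconnect(), and that the method string it passes is exactly "password". A short comment at this branch saying where the counter is now updated would help the next reader.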
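
Review bot: the loginfailed() call removed in the auth2.c hunk ran for whichever method pushed failures past AUTH_FAIL_MAX, whereas its replacement in auth.c is limited to method "password", so a failure of any other protocol 2 method no longer touches the AIX counter at all. If that narrowing is intended, state it in the bug description; if not, widen the condition in auth.c to cover the other methods that should count as a failed login.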