search for: libpwdb

Can anyone using PAM and rsa-rhosts authentication replicate this? Damien -------------- next part -------------- An embedded message was scrubbed... From: Adrian Baugh <adrian at merlin.keble.ox.ac.uk> Subject: Serious Bug Report: OpenSSH Date: Wed, 1 Dec 1999 02:38:56 +0000 (GMT) Size: 3926 Url:

Hi, I''ve been writing a login application to utilize the features of both PAM and libpwdb. Not surprisingly, this has meant looking at some old code.. The following denial of service attack seems to work quite nicely on my ancient Red Hat 3.0.3 system with the standard login application. Perhaps this is not a problem with 4.0? Does anyone know about other distributions? joe$ nvi /var...

...Z>@AXQLW265]7IY MSZ^^2D1"1PF->R^#_L0!7=K^NXVB@XU*#I@);''AQ"HBVW2;0UHU::S5J\H_Y M,B8,(AC&B9E!*3]Q3<7`CD+WX^[)#@VF.QP,.WVO-_V?K6V?_R''\N<0[AGDP -KCKDUB\"@@\%S`,````` ` end -- Linux-PAM: http://parc.power.net/morgan/Linux-PAM/index.html libpwdb: http://parc.power.net/morgan/libpwdb/index.html

...s. Whether such modifications ever get distributed with a future kernel is out of my hands, but the more discussion the better the design, and the more attractive such changes will ultimately be. Best wishes Andrew -- Linux-PAM: http://parc.power.net/morgan/Linux-PAM/index.html libpwdb: http://parc.power.net/morgan/libpwdb/index.html [ For those that prefer FTP --- ftp://ftp.lalug.org/morgan ]

...is NOTHING you can do to prevent people giving away the access they have themselves. They can give their password away, and for example the above trick can be used to give just their group access away....] Andrew -- Linux-PAM: http://parc.power.net/morgan/Linux-PAM/index.html libpwdb: http://parc.power.net/morgan/libpwdb/index.html From mail@mail.redhat.com mail2.redhat.com dutecai.et.tudelft.nl by (8.6.10/1.34JP) Received: (qmail 11199 invoked from network); 29 Nov 1996 06:56:12 -0000 Received: from rosie.et.tudelft.nl (130.161.127.248) by mail2.redhat.com with SMTP; 29 N...

Phexro <ieure@linknet.kitsap.lib.wa.us> writes: > chroot()''d processes. So, important system calls could be modified thus: Since there are tons of syscalls and new ones appearing all the time, "Fixing" some of them doesn''t seem like a good idea. It seems more reasonbale to deny access to all of them, except for a few specific ones (that can moreover be

Marek Michalkiewicz <marekm@I17LINUXB.ISTS.PWR.WROC.PL> wrote: : It seems that most of the RedHat 5.3.12 security patches are in the : standard 5.4.17, except for the patch below. Also, there are more : (different) fixes in 5.4.18 (check h_length against sizeof(sin_addr) : in inet/rcmd.c and inet/rexec.c). : + { : +

Hi, I have discovered a bug in the rhost module of Linux-PAM-0.57. This bug leads to a vulnerability in the remote login authentication, with the effect that ordinary user accounts may not be password protected. There is only one case when the bug causes a vulnerability: The problem case is when the user''s .rhost file has the name of a machine with *more than one IP address* as the

....net> Subject: denial of service attack on login To: linux-security@redhat.com (Linux Security) Date: Tue, 26 Nov 1996 07:49:33 -0800 (PST) Cc: johnsonm@redhat.com (Michael K. Johnson) Content-Type: text Hi, I''ve been writing a login application to utilize the features of both PAM and libpwdb. Not surprisingly, this has meant looking at some old code.. The following denial of service attack seems to work quite nicely on my ancient Red Hat 3.0.3 system with the standard login application. Perhaps this is not a problem with 4.0? Does anyone know about other distributions? joe$ nvi /var...