Bug 11344
| Summary: | Insecurity with GDM | ||
|---|---|---|---|
| Product: | [Retired] Red Hat Linux | Reporter: | joejared |
| Component: | gdm | Assignee: | Preston Brown <pbrown> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 6.1 | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2000-05-24 19:34:58 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Attachments: | |||
|
Description
joejared
2000-05-10 11:52:54 UTC
Created attachment 236 [details]
a user on smartworld.net recently hacked into my site.
if you examine the logs, you see that they got in via some other account before gdm. It appears they were attacking your system as early as april: messages.2:Apr 29 17:00:38 ns PAM_pwdb[967]: (login) session opened for user root by LOGIN(uid=0) messages.2:Apr 29 18:25:43 ns login: FAILED LOGIN 1 FROM adsl-63-194-25-89.dsl.lsan03.pacbell.net FOR root, Authentication failure There are other signs that users were attempting to gain access as well. They then changed the gdm password to be able to login via that account. Are you sure you have all security errata for your release? Created attachment 238 [details]
This is a log of a chat in irc.concentric.net in channel #phazed, which also evidences the security problems by the number of users named gdm.
This was an inside job. It's also an important lesson about who not to give a shell account to. |