Bug 11344 - Insecurity with GDM
Insecurity with GDM
Status: CLOSED NOTABUG
Product: Red Hat Linux
Classification: Retired
Component: gdm (Show other bugs)
6.1
All Linux
medium Severity medium
: ---
: ---
Assigned To: Preston Brown
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2000-05-10 07:52 EDT by joejared
Modified: 2008-05-01 11:37 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-05-24 15:34:58 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
a user on smartworld.net recently hacked into my site. (712.08 KB, application/octet-stream)
2000-05-10 07:56 EDT, joejared
no flags Details
This is a log of a chat in irc.concentric.net in channel #phazed, which also evidences the security problems by the number of users named gdm. (10.23 KB, text/plain)
2000-05-11 10:33 EDT, joejared
no flags Details

  None (edit)
Description joejared 2000-05-10 07:52:54 EDT
Recently, someone got into my site and installed eggbot, using user GDM.  I
have all logs available.
Comment 1 joejared 2000-05-10 07:56:59 EDT
Created attachment 236 [details]
a user on smartworld.net recently hacked into my site.
Comment 2 Preston Brown 2000-05-10 16:14:59 EDT
if you examine the logs, you see that they got in via some other account before
gdm.

It appears they were attacking your system as early as april:

messages.2:Apr 29 17:00:38 ns PAM_pwdb[967]: (login) session opened for user
root by LOGIN(uid=0)
messages.2:Apr 29 18:25:43 ns login: FAILED LOGIN 1 FROM
adsl-63-194-25-89.dsl.lsan03.pacbell.net FOR root, Authentication failure

There are other signs that users were attempting to gain access as well.

They then changed the gdm password to be able to login via that account.

Are you sure you have all security errata for your release?
Comment 3 joejared 2000-05-11 10:33:59 EDT
Created attachment 238 [details]
This is a log of a chat in irc.concentric.net in channel #phazed, which also evidences the security problems by the number of users named gdm.
Comment 4 joejared 2000-05-11 16:14:59 EDT
This was an inside job.  It's also an important lesson about who not to give a
shell account to.

Note You need to log in before you can comment on or make changes to this bug.