Bug 186833 - Root logon possible security issue
Summary: Root logon possible security issue
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: openssh
Version: 4
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Brian Brock
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-03-27 00:13 UTC by Brad Horrocks
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-03-27 13:00:39 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Brad Horrocks 2006-03-27 00:13:17 UTC 
Description of problem:
I'm reporting this because I think it severe enough to be registered as a
possible significant problem.

I'm running the latest FC4 as at 00:01 UTC 27th March 2006

My logon process is via putty.
Direct Root logon is forbidden via 
"PermitRootLogin no" in the sshd_config file.
I normally logon as a user and then su to root

This particular time I commenced to logon with my (non-root) userid and then in
error entered the root password and pushed enter.

I was then logged on as root !!!!!

I have tried several times to replicate the problem with no success and would
normally put it down to one of those things. However the possible security issue
needs to be at least registered as a possible problem.



Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Tomas Mraz 2006-03-27 13:00:39 UTC 
I don't think that this is a real bug as you cannot reproduce it anymore. Even
if it was, it would be even impossible to find it without a reproducer. If you
can find the reproducer please reopen.
Note You need to log in before you can comment on or make changes to this bug.