Bug 20833 - halt script allows remote DoS
Summary: halt script allows remote DoS
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: usermode   
(Show other bugs)
Version: 7.0
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Bill Nottingham
QA Contact:
URL:
Whiteboard:
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2000-11-14 16:12 UTC by Need Real Name
Modified: 2014-03-17 02:17 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-11-14 18:38:48 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Need Real Name 2000-11-14 16:12:12 UTC
The halt script performs the same actions as "shutdown -h now".  The 
shutdown script can only be run by root.  The halt script, which points 
to /usr/bin/consolehelper allows a remote, unprivledged user to execute 
the halt command, thus halting the machine.  This is an explotable DoS 
attack, for any RedHat machine that allows remote shell access.  This is 
the default installation of RedHat 7.0.

Comment 1 Bernhard Rosenkraenzer 2000-11-14 16:19:43 UTC
This has nothing to do with console-tools, reassigning...

Also, I think the default setting is to let only local users shut down the system.


Comment 2 Need Real Name 2000-11-14 16:36:32 UTC
Sorry for the console-tools assignment, that was a guess.  I just tested this 
on a RedHat 7.0 box with a normal user (ie., no special group perms, etc.) from 
a simple telnet session and I was able to halt the remote box.  My original 
assumption was that this was only for console users as well, but it turns out 
that it is remote exploitable.

Comment 3 Jeremy Katz 2000-11-14 17:52:57 UTC
Do you have the latest usermode errata (1.37) installed?  I can't reproduce this
problem with all of the current errata, although it was possible prior to one of
the usermode errata updates.

Comment 4 Need Real Name 2000-11-14 18:38:45 UTC
The usermode 1.37 errata fixes the problem.  The description for the patch says 
nothing specific that would have lead me to believe that it fixed this 
problem.  It does mention that it fixes a "potential" security problem in 
userhelper, but I don't know if this is what was meant.  Thanks for the help.

Comment 5 Bill Nottingham 2000-11-14 19:34:23 UTC
OK, resolving as fixed in the errata release.


Note You need to log in before you can comment on or make changes to this bug.