Bug 20833 - halt script allows remote DoS
halt script allows remote DoS
Status: CLOSED ERRATA
Product: Red Hat Linux
Classification: Retired
Component: usermode (Show other bugs)
7.0
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Bill Nottingham
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2000-11-14 11:12 EST by Need Real Name
Modified: 2014-03-16 22:17 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-11-14 13:38:48 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Need Real Name 2000-11-14 11:12:12 EST
The halt script performs the same actions as "shutdown -h now".  The 
shutdown script can only be run by root.  The halt script, which points 
to /usr/bin/consolehelper allows a remote, unprivledged user to execute 
the halt command, thus halting the machine.  This is an explotable DoS 
attack, for any RedHat machine that allows remote shell access.  This is 
the default installation of RedHat 7.0.
Comment 1 Bernhard Rosenkraenzer 2000-11-14 11:19:43 EST
This has nothing to do with console-tools, reassigning...

Also, I think the default setting is to let only local users shut down the system.
Comment 2 Need Real Name 2000-11-14 11:36:32 EST
Sorry for the console-tools assignment, that was a guess.  I just tested this 
on a RedHat 7.0 box with a normal user (ie., no special group perms, etc.) from 
a simple telnet session and I was able to halt the remote box.  My original 
assumption was that this was only for console users as well, but it turns out 
that it is remote exploitable.
Comment 3 Jeremy Katz 2000-11-14 12:52:57 EST
Do you have the latest usermode errata (1.37) installed?  I can't reproduce this
problem with all of the current errata, although it was possible prior to one of
the usermode errata updates.
Comment 4 Need Real Name 2000-11-14 13:38:45 EST
The usermode 1.37 errata fixes the problem.  The description for the patch says 
nothing specific that would have lead me to believe that it fixed this 
problem.  It does mention that it fixes a "potential" security problem in 
userhelper, but I don't know if this is what was meant.  Thanks for the help.
Comment 5 Bill Nottingham 2000-11-14 14:34:23 EST
OK, resolving as fixed in the errata release.

Note You need to log in before you can comment on or make changes to this bug.