Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 1504

Summary: PAM bug leads to root comprimise
Product: Gentoo Linux Reporter: Scott Moynes <smoynes>
Component: [OLD] Core systemAssignee: Daniel Robbins (RETIRED) <drobbins>
Status: RESOLVED FIXED    
Severity: blocker    
Priority: High    
Version: unspecified   
Hardware: x86   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Scott Moynes 2002-04-03 12:43:25 UTC 
I can login 3 times with a bad password as a user, then the fourth time
correctly and the user gets a root shell.
Comment 1 Daniel Robbins (RETIRED) gentoo-dev 2002-04-03 14:06:35 UTC 
what version of pam are you using?
Comment 2 Daniel Robbins (RETIRED) gentoo-dev 2002-04-03 14:12:28 UTC 
marking as later just to hide this until it's fixed.
Comment 3 Scott Moynes 2002-04-03 14:57:46 UTC 
sys-libs/pam-0.75-r5 


It only seems to occur through login, which minimizes its danger, I suppose.
Comment 4 Daniel Robbins (RETIRED) gentoo-dev 2002-04-03 22:15:32 UTC 
we have a new shadow that fixes this now.
Comment 5 Donny Davies (RETIRED) gentoo-dev 2002-04-14 02:27:04 UTC 
this is all fixed.