Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 1504 - PAM bug leads to root comprimise
Summary: PAM bug leads to root comprimise
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system (show other bugs)
Hardware: x86 Linux
: High blocker (vote)
Assignee: Daniel Robbins (RETIRED)
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2002-04-03 12:43 UTC by Scott Moynes
Modified: 2003-02-04 19:42 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Scott Moynes 2002-04-03 12:43:25 UTC 
I can login 3 times with a bad password as a user, then the fourth time
correctly and the user gets a root shell.
Comment 1 Daniel Robbins (RETIRED) gentoo-dev 2002-04-03 14:06:35 UTC 
what version of pam are you using?
Comment 2 Daniel Robbins (RETIRED) gentoo-dev 2002-04-03 14:12:28 UTC 
marking as later just to hide this until it's fixed.
Comment 3 Scott Moynes 2002-04-03 14:57:46 UTC 
sys-libs/pam-0.75-r5 


It only seems to occur through login, which minimizes its danger, I suppose.
Comment 4 Daniel Robbins (RETIRED) gentoo-dev 2002-04-03 22:15:32 UTC 
we have a new shadow that fixes this now.
Comment 5 Donny Davies (RETIRED) gentoo-dev 2002-04-14 02:27:04 UTC 
this is all fixed.