Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 1504 - PAM bug leads to root comprimise
Summary: PAM bug leads to root comprimise
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system (show other bugs)
Hardware: x86 Linux
: High blocker (vote)
Assignee: Daniel Robbins (RETIRED)
Depends on:
Reported: 2002-04-03 12:43 UTC by Scott Moynes
Modified: 2003-02-04 19:42 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Scott Moynes 2002-04-03 12:43:25 UTC
I can login 3 times with a bad password as a user, then the fourth time
correctly and the user gets a root shell.
Comment 1 Daniel Robbins (RETIRED) gentoo-dev 2002-04-03 14:06:35 UTC
what version of pam are you using?
Comment 2 Daniel Robbins (RETIRED) gentoo-dev 2002-04-03 14:12:28 UTC
marking as later just to hide this until it's fixed.
Comment 3 Scott Moynes 2002-04-03 14:57:46 UTC

It only seems to occur through login, which minimizes its danger, I suppose.
Comment 4 Daniel Robbins (RETIRED) gentoo-dev 2002-04-03 22:15:32 UTC
we have a new shadow that fixes this now.
Comment 5 Donny Davies (RETIRED) gentoo-dev 2002-04-14 02:27:04 UTC
this is all fixed.