From owner-freebsd-bugs  Sun Dec 20 01:20:05 1998
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id BAA20160
          for freebsd-bugs-outgoing; Sun, 20 Dec 1998 01:20:05 -0800 (PST)
          (envelope-from owner-freebsd-bugs@FreeBSD.ORG)
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id BAA20106
          for <freebsd-bugs@FreeBSD.org>; Sun, 20 Dec 1998 01:20:00 -0800 (PST)
          (envelope-from gnats@FreeBSD.org)
Received: (from Unknown UID 563@localhost)
	by freefall.freebsd.org (8.8.8/8.8.5) id BAA16130;
	Sun, 20 Dec 1998 01:20:01 -0800 (PST)
Received: (from nobody@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id BAA19812;
          Sun, 20 Dec 1998 01:15:59 -0800 (PST)
          (envelope-from nobody)
Message-Id: <199812200915.BAA19812@hub.freebsd.org>
Date: Sun, 20 Dec 1998 01:15:59 -0800 (PST)
From: sysadmin@mfn.org
To: freebsd-gnats-submit@FreeBSD.ORG
X-Send-Pr-Version: www-1.0
Subject: i386/9141: Failed login attempts do not log (via syslog) until the next time a valid username is received.
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org


>Number:         9141
>Category:       i386
>Synopsis:       Failed login attempts do not log (via syslog) until the next time a valid username is received.
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Dec 20 01:20:01 PST 1998
>Last-Modified:
>Originator:     J.A. Terranson
>Organization:
Missouri FreeNet
>Release:        2.2.5-R
>Environment:
FreeBSD 2.2.5-RELEASE (SUPPORT) #0: Thu Dec 17 23:14:31 CST 1998 
>Description:
Faild login attempts are not logged until a valid username is recieved, allowing a penetration attempt on a login-silent system (like a name server, where this occurred) to go on for extended periods of time unnoticed.
>How-To-Repeat:
on a quiescent system, make as many bad login attempts as you like,
while watching the syslog output: it will be silent.  Syslog will finally make it's report immediately *after* a valid username is entered.
>Fix:
Report failed login attempts immediately, rather than trying to save syslog bytes by reporting only the cumulative total.
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message