From owner-freebsd-bugs  Wed Oct 10 12:10:14 2001
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 3D72C37B40C
	for <freebsd-bugs@hub.freebsd.org>; Wed, 10 Oct 2001 12:10:01 -0700 (PDT)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.4/8.11.4) id f9AJA1P34206;
	Wed, 10 Oct 2001 12:10:01 -0700 (PDT)
	(envelope-from gnats)
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 46BDD37B401
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 10 Oct 2001 12:05:36 -0700 (PDT)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.11.4/8.11.4) id f9AJ5aO33641;
	Wed, 10 Oct 2001 12:05:36 -0700 (PDT)
	(envelope-from nobody)
Message-Id: <200110101905.f9AJ5aO33641@freefall.freebsd.org>
Date: Wed, 10 Oct 2001 12:05:36 -0700 (PDT)
From: David Ljung Madison <freebsd.org@daveola.com>
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-1.0
Subject: misc/31204: FreeBSD login will display secure log notices before password is given
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-bugs.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-bugs>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-bugs>
X-Loop: FreeBSD.org


>Number:         31204
>Category:       misc
>Synopsis:       FreeBSD login will display secure log notices before password is given
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Oct 10 12:10:01 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     David Ljung Madison
>Release:        4.4
>Organization:
MarginalHacks.com
>Environment:
FreeBSD ***.com 4.4-RELEASE FreeBSD 4.4-RELEASE #0: Tue Sep 18 11:57:08 PDT 2001
murray@builder.FreeBSD.org:/usr/src/sys/compile/GENERIC  i386
>Description:
First of all, I should point out that I don't actually run FreeBSD as
my unix flavor, I was working on a friend's machine. If you try to login as root, you can see security warnings that only
root should see before you ever enter your password. An obvious exploit would be to login to the machine, enter "root" at
the login prompt, then sit back and watch security messages, which could
be very useful to an attacker to learn about what kind of security the
system has implemented
>How-To-Repeat:
Make a bad attempt to login to some account (use the wrong password).  Then
try to login as root - you will see the "bad login" message after you enter
the "login:" prompt but before you type a password.
>Fix:
Dunno - don't have a FreeBSD system.  Presumably the login exec is doing a
setuid before it actually verifies the password?
>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message