Date:      Fri, 04 Jan 2002 07:18:55 +0300
From:      "Дмитрий Подкорытов" <podkorytov@mail.ru>
To:        freebsd-security@FreeBSD.ORG
Subject:   nologin hole?
Message-ID:  <E16MLol-000FEJ-00@f8.mail.ru>


Maybe this is the result of my paranoia. ;-)
And maybe not. Very possibly you can extract some use from this.
In FreeBSD I found that a user with terminal login disabled has a login
shell named 'nologin'.
This is an sh script:
====================================================
#!/bin/sh -p
# ...
# ...
echo 'This account is currently not available.'
exit 1
====================================================
My thoughts about this:
1. In case of breaking this script, the user has root access to the system.
   (See man sh, key -p.)
2. The password may be 'viewed' by any network analyser during the user's
   POP3 session with the server. (As a rule, password encryption is not used
   in POP3.)
3. Also, the password may be cracked by a brute-force attack on the POP3
   daemon.

For a successful attack in this manner you can append some code to your
telnet/ssh to manage connection speed on the fly. Or try using tcpwrapper for
this. Set the connection speed = 1 baud. Begin a telnet/ssh session. Specify
user name and password, break nologin. After success, set the connection speed
as you wish and work under root permission.

Solution to protect from this attack: install this program. To install,
just make install. You may use this in silence mode. Then compile with the
-DSILENCE_MODE key. The program is distributed under the GPL as is, without any
guarantees.
At URL: http://org.zaural.ru you can find some useful programs.

My best wishes.
Dmitry Podkorytov.
E-mail: podkorytov@mail.ru

PS: On FreeBSD v.4.1, ps -x does not show programs that are
running code of the function Exit(), called from atexit(Exit).
Is it a bug? I used the top command to view the PID of NoLogin.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
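
A defender-side check for the situation the message describes, added here as an example and not part of the original post or of FreeBSD: it lists accounts in a passwd(5)-format file whose login shell is an interpreted script, and marks those whose interpreter line carries `-p`. The function names, the optional root-prefix argument and the fixture accounts are hypothetical and constructed for the example.

```shell
#!/bin/sh
# Added example: report accounts whose login shell is a "#!" script.
# Usage: script_shell_accounts PASSWD_FILE [ROOT_PREFIX]
# ROOT_PREFIX is a hypothetical helper argument so the check can run against
# a constructed directory tree instead of the live system.
script_shell_accounts() {
    passwd_file=$1 root=${2:-}
    # passwd(5) fields: name:password:uid:gid:gecos:home:shell
    while IFS=: read -r name _pw _uid _gid _gecos _home shell; do
        case $name in ''|'#'*) continue ;; esac
        [ -n "$shell" ] && [ -r "$root$shell" ] || continue
        # Only the first line matters: a script starts with "#!".
        IFS= read -r first < "$root$shell" || [ -n "$first" ] || continue
        case $first in
            '#!'*)
                flag=script
                # Mark the -p switch quoted in the message above.
                case $first in *' -p'|*' -p '*) flag=script-privileged ;; esac
                printf '%s %s %s\n' "$name" "$shell" "$flag" ;;
        esac
    done < "$passwd_file"
}

# Constructed fixture: a fake root with one script shell and one stand-in
# for a compiled shell, plus two sample accounts.
make_fixture() {
    d=$1
    mkdir -p "$d/sbin" "$d/bin"
    printf '%s\n' '#!/bin/sh -p' \
        "echo 'This account is currently not available.'" 'exit 1' \
        > "$d/sbin/nologin"
    printf '\177ELF constructed stand-in for a compiled shell\n' > "$d/bin/csh"
    cat > "$d/passwd" <<'EOF'
# constructed sample accounts
root:*:0:0:Charlie &:/root:/bin/csh
popuser:*:1001:1001:POP3 only:/home/popuser:/sbin/nologin
EOF
}

tmp=$(mktemp -d) && make_fixture "$tmp"
script_shell_accounts "$tmp/passwd" "$tmp"
rm -rf "$tmp"
```

On a live system the call would be `script_shell_accounts /etc/passwd`, with no prefix argument.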