Title: RedHat su No Logging Vulnerability
Severity: MODERATE
Description:
A vulnerability in PAM allows local malicious users to brute force passwords via the su command without any logging of their activity.
su is a command that allows users to change identifies by supplying a password. If the password is correct su immediately executes a new shell with the identity of the nw user, otherwise it sleeps for a second and then logs an authentication failure to syslog.
Since su sleeps before logging the failure and does not trap SIGINT a user can try a password and if su does not immediately give him a new shell and before one second hits control-c his attempt will not be logged. He can automate the process to brute force passwords.
Its been tested using sh-utils-1.16-14 and pam-0.64-3.
Affected Products:
- RedHat Linux 5.2.0 i386
- RedHat Linux 6.0.0
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
