List: bugtraq
Subject: Re: KDE Screensaver vulnerability
From: Henrik Nordstrom <hno () HEM ! PASSAGEN ! SE>
Date: 1998-11-19 0:22:22
Jason Axley wrote:
>
> So, it sounds like now malicious users who can't read /etc/shadow in
> order to grab encoded passwords to crack them can just do brute-force
> password guessing without any lockout or auditing by simply piping
> password guesses to the setuid kcheckpass program which will happily
> check them against the shadow entries for correctness.
If I understand it correctly they can only brute-force their own
password... But if kcheckpass can be used to check any user's password
then I agree that this is a security risk.
> Or maybe it would give up pieces of /etc/shadow from memory if
> you could get it to coredump...
Only if you run it on a system which allows coredumps for a suid/sgid
program, which I think everyone has agreed is a security risk on its
own.
And I also agree that kcheckpass should delay if the password is
incorrect. This is to slow down any attempts to manually brute-force a
screen saver or anything else relying on kcheckpass. It won't give any
added security to the kcheckpass program, but to every program that uses
it.
---
Henrik Nordstrom
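
The two safeguards discussed in this message (checking only the invoking user's own password, and delaying after a wrong guess), as an added example that is not part of the original message and is not kcheckpass code. The function names, the result codes, the hash callback and `demo_hash` are assumptions made for illustration; a real helper would wrap crypt(3) and read the shadow entry itself.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <string.h>
#include <sys/types.h>
#include <time.h>

enum { AUTH_OK = 0, AUTH_FAIL = 1, AUTH_DENIED = 2 };

/* Hash callback (hypothetical): a real helper would wrap crypt(3) here. */
typedef const char *(*hash_fn)(const char *password, const char *stored);

/* Compare without stopping at the first mismatching byte. */
static int ct_equal(const char *a, const char *b) {
    size_t la = strlen(a), lb = strlen(b), i;
    unsigned char diff = (unsigned char)(la != lb);
    for (i = 0; i < la && i < lb; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Sleep the full interval even if a signal interrupts nanosleep(). */
static void fail_delay(long ms) {
    struct timespec ts = { .tv_sec = ms / 1000,
                           .tv_nsec = (ms % 1000) * 1000000L };
    while (nanosleep(&ts, &ts) == -1 && errno == EINTR)
        ;
}

/* caller: real uid of the invoking process; target: uid that owns `stored`. */
int check_password(uid_t caller, uid_t target, const char *stored,
                   const char *guess, hash_fn hash, long delay_ms) {
    const char *h;
    if (caller != 0 && caller != target)
        return AUTH_DENIED;      /* only your own password, unless root */
    h = hash(guess, stored);
    if (h != NULL && ct_equal(h, stored))
        return AUTH_OK;
    fail_delay(delay_ms);        /* delay happens before the result is reported */
    return AUTH_FAIL;
}

/* Constructed stand-in for the demo only: NOT a real password hash. */
const char *demo_hash(const char *password, const char *stored) {
    (void)stored;
    return strcmp(password, "correct horse") == 0 ? "$demo$ok" : "$demo$no";
}
```

The delay is applied before the failure is returned, so a caller cannot read the answer first and then kill the helper to skip the wait.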