4270011 1999-09-02  00:59  /55 rader/ Postmaster
Mottagare: Bugtraq (import) <7577>
Ärende: RH 6.0 shadow passwords and locking users bug
------------------------------------------------------------
Approved-By: aleph1@SECURITYFOCUS.COM
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-ID:  <19990830210735.27311.rocketmail@attach1.rocketmail.com>
Date:         Mon, 30 Aug 1999 14:07:35 -0700
Reply-To: Prince Ctrl <princectrl@ROCKETMAIL.COM>
Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
From: Prince Ctrl <princectrl@ROCKETMAIL.COM>
X-To:         bugtraq@netspace.org
To: BUGTRAQ@SECURITYFOCUS.COM

Aleph,

I do not know whether this has been reported to the list, so I thought
I'd throw it out and see if anyone may know of a solution, and/or care
to have a technical discussion concerning this bug.

When administering a Red Hat 6.0 server and locking users with the
'passwd -l <user>' command, and then unlocking a user with the 'passwd
-u <user>' command, a control character is added to the end of a
users' encrypted password in the form of a "^Q" in the shadowed passwd
file.

In our tests, we have found that this only occurs once the user has
been "unlocked". It happens whether you are using MD5 encryption or
DES...it doesn't matter.

I have forwarded this to our Sr. Systems Administrator who said he was
going to contact Red Hat today. Confirmation of that call is unknown.

OS affected/tested: Red Hat 6.0
Possible problem: It could either be the fact that the 'passwd' binary
is actually adding ^Q to the end of a users encrypted password, or it
may be something with the way pam is handling this. I know that pam
has some .so files which deal with shadowed passwords, but I am no pam
expert, so if anyone has some suggestions, corrections, etc., please
inform me...

Possible solution: Unknown

If anyone has any ideas on how to fix this, please let me know...

===
PrinceC
Security Administrator
princectrl@rocketmail.com






_________________________________________________________
DO YOU YAHOO!?
Get your free @yahoo.com address at http://mail.yahoo.com
(4270011) -----------------------------------
4270087 1999-09-02  02:25  /34 rader/ Postmaster
Mottagare: Bugtraq (import) <7579>
Ärende: RH 6.0 shadowed users and user lock bug fix
------------------------------------------------------------
Approved-By: aleph1@SECURITYFOCUS.COM
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-ID:  <19990830211950.28859.rocketmail@attach1.rocketmail.com>
Date:         Mon, 30 Aug 1999 14:19:50 -0700
Reply-To: Prince Ctrl <princectrl@ROCKETMAIL.COM>
Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
From: Prince Ctrl <princectrl@ROCKETMAIL.COM>
X-To:         bugtraq@netspace.org
To: BUGTRAQ@SECURITYFOCUS.COM

Aleph,

After confirming with our Sr. Systems Admin, RedHat was contacted and
they confirmed that it was indeed a bug within 'passwd'. You can
download the new version of passwd and it will fix this problem.

http://people.redhat.com/~smooge/passwd-0.60-1.i386.rpm



===
PrinceC
Security Administrator/Consultant
princectrl@rocketmail.com






_________________________________________________________
DO YOU YAHOO!?
Get your free @yahoo.com address at http://mail.yahoo.com
(4270087) -----------------------------------