7257638 2001-10-08 16:52 +0300 /46 lines/ Devrim SERAL <devrim.seral@gantek.com>
Sent by: joel@lysator.liu.se
Imported: 2001-10-09 07:24 by Brevbäraren
External recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <19390>
Subject: pam_limits.so Bug!!
------------------------------------------------------------
From: Devrim SERAL <devrim.seral@gantek.com>
To: bugtraq@securityfocus.com
Message-ID: <3BC1AFB9.3FF88F86@gantek.com>

Devrim SERAL wrote:
>
> Hi,
>
> Today I found an interesting bug when I tried to use pam_limits.so in
> the login PAM configuration.
>
> Today one of my users warned me that when he logs on to our Linux server
> he gains my rights. At first I thought someone had broken into our system.
> But when I checked all the logs I didn't find any sign of a break-in.
>
> Then I thought xinetd or in.telnetd had some bug. I checked all updates
> from Red Hat and found that we are at the latest patch level on all
> packets.
>
> Next I disabled telnetd in xinetd for the whole LAN and only permitted
> access from my IP number, and checked all possibilities.
>
> Finally I found that only members of the student group gain console or
> pts/0 rights.
> And I remembered that at the weekend I had changed
> /etc/security/limits.conf to limit our students' maxlogin count to two.
>
> I only added the line below to this file:
> @student hard maxlogins 2
>
> And I also added the line below to the PAM configuration of login:
> session required pam_limits.so
>
> When I comment out the pam_limits.so related line the problem is solved.
>
> I wonder whether it's related only to our server or specific to the PAM
> module?
>
> devrim
>
> Note: The server runs Red Hat 7.1 with kernel 2.4.10 and all packets are
> at the latest patch level.
(7257638) /Devrim SERAL <devrim.seral@gantek.com>/--
Comment in text 7261325 by Solar Designer <solar@openwall.com>

7261325 2001-10-09 09:10 +0400 /62 lines/ Solar Designer <solar@openwall.com>
Sent by: joel@lysator.liu.se
Imported: 2001-10-09 17:31 by Brevbäraren
External recipient: Devrim SERAL <devrim.seral@gantek.com>
External CC recipient: bugtraq@securityfocus.com
Recipient: Bugtraq (import) <19394>
Comment to text 7257638 by Devrim SERAL <devrim.seral@gantek.com>
Subject: Re: pam_limits.so Bug!!
------------------------------------------------------------
From: Solar Designer <solar@openwall.com>
To: Devrim SERAL <devrim.seral@gantek.com>
Cc: bugtraq@securityfocus.com
Message-ID: <20011009091027.A1267@openwall.com>

On Mon, Oct 08, 2001 at 04:52:57PM +0300, Devrim SERAL wrote:

Several people(*) have contributed to investigating this issue during
the past month. It is a util-linux login bug, not a pam_limits one.
You should expect a fixed util-linux package soon.

(*) Nalin Dahyabhai, Andreas Hasenack, Rafal Wojtczuk, Olaf Kirch, and me.

Openwall GNU/*/Linux is not affected and never was. We don't use that
login. :-)

> Devrim SERAL wrote:
> >
> > Hi,
> >
> > Today I found an interesting bug when I tried to use pam_limits.so in
> > the login PAM configuration.
> >
> > Today one of my users warned me that when he logs on to our Linux server
> > he gains my rights. At first I thought someone had broken into our system.
> > But when I checked all the logs I didn't find any sign of a break-in.
> >
> > Then I thought xinetd or in.telnetd had some bug. I checked all updates
> > from Red Hat and found that we are at the latest patch level on all
> > packets.
> >
> > Next I disabled telnetd in xinetd for the whole LAN and only permitted
> > access from my IP number, and checked all possibilities.
> >
> > Finally I found that only members of the student group gain console or
> > pts/0 rights.
> > And I remembered that at the weekend I had changed
> > /etc/security/limits.conf to limit our students' maxlogin count to two.
> >
> > I only added the line below to this file:
> > @student hard maxlogins 2
> >
> > And I also added the line below to the PAM configuration of login:
> > session required pam_limits.so
> >
> > When I comment out the pam_limits.so related line the problem is solved.
> >
> > I wonder whether it's related only to our server or specific to the PAM
> > module?
> >
> > devrim
> >
> > Note: The server runs Red Hat 7.1 with kernel 2.4.10 and all packets are
> > at the latest patch level.

--
/sd
(7261325) /Solar Designer <solar@openwall.com>/-----