lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20020905191156.Q26925@netsys.com>
From: len at netsys.com (Len Rose)
Subject: [kbelanger@...icon.ca: [VulnWatch] vuln in login under solaris]

This is bullshit. I tested this using Solaris 8 just now.

I tested it with both Solaris 8 sparc and Solaris 8 intel.

How can you let this pass, you're a moderated list. 



----- Forwarded message from Keven Belanger <kbelanger@...icon.ca> -----

Received: from vikki.vulnwatch.org ([199.233.98.101])
	by netsys.com (8.11.6/8.11.6) with SMTP id g85G2CK19967
	for <len@...sys.com>; Thu, 5 Sep 2002 12:02:12 -0400 (EDT)
Received: (qmail 24111 invoked by alias); 5 Sep 2002 16:46:11 -0000
Mailing-List: contact vulnwatch-help@...nwatch.org; run by ezmlm
Precedence: bulk
List-Post: <mailto:vulnwatch@...nwatch.org>
List-Help: <mailto:vulnwatch-help@...nwatch.org>
List-Unsubscribe: <mailto:vulnwatch-unsubscribe@...nwatch.org>
List-Subscribe: <mailto:vulnwatch-subscribe@...nwatch.org>
Delivered-To: mailing list vulnwatch@...nwatch.org
Delivered-To: moderator for vulnwatch@...nwatch.org
Received: (qmail 18991 invoked from network); 5 Sep 2002 16:18:35 -0000
X-Authentication-Warning: avd.Logicon.CA: mail set sender to <kbelanger@...icon.ca> using -f
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C254F1.0C94CFE9"
Date: Thu, 5 Sep 2002 11:29:39 -0400
Message-ID: <E32C9069AF5CBC44ABDDDF0D3E1C0735292143@...-vd-dc01.logicon.ca>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: vuln in login under solaris
Thread-Index: AcJU8QwqfnT+ZTzPTtm8WFZxYxpWuQ==
Sensitivity: Company-Confidential
From: "Keven Belanger" <kbelanger@...icon.ca>
To: <vulnwatch@...nwatch.org>
Subject: [VulnWatch] vuln in login under solaris

Name                           : Keven Belanger
 E-mail                         : kbelanger@...icon.ca
 Phone / fax                  : (819) 825-8049 x7717
 Affiliation and address: Logicon inc.
                                     100, des Distributeurs
                                     Val-d'Or (Quebec)
                                     Canada J9P 6Y1
 
Have you reported this to the vendor?  yes
 
        If so, please let us know whom you've contacted:
 
            Date of your report         : September 05, 2002
            Vendor contact e-mail    : security-alert@....com
            
CERT have been advised too...
 
Please describe the vulnerability.
---------------------------------
Unlike other unix based OS, when Solaris authenticate the user it let
the user
came in even if the password is not really "correct" Let me explain:
My username is sysadmin
My password is qwerty
If I log on with sysadmin/qwerty it work
If I log on with sysadmin/qwert123 it work too!
We can add any caracter after the currect password and it work!!
 
What is the impact of this vulnerability?
----------------------------------------
 (For example: local user can gain root/privileged access, intruders 
  can create root-owned files, denial of service attack,  etc.)
 
   a) What is the specific impact:
      User can gain root access
 
   b) How would you envision it being used in an attack scenario:
      User can gain root access via brute force password attack
      If the attacker try 8 caracter brute force attack it will for
      for password that have less that 8 caracter too, so it can gain
      root access faster.
      He don't have to try password with 1, 2, 3, 4... caracteres,
      try something beetween 8 and 10 et voila...
 
 
            System            : SUN Solaris
            OS version        : 8 for Sparc and intel, not tested with other version
            Verified/Guessed: Verified
 
 
For more infoamtion/explanation call me or write a email
 
K?ven Belanger
Analyste en solutions de s?curit?
Logicon Inc. - Division S?curit?
819.825.8049 x7717
800.567.6399 x7717
 

----- End forwarded message -----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ