lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1783071671.20020915193023@cerber.no>
From: misha at cerber.no (Mikhail Iakovlev)
Subject: ALERT ALERT plaintext passwords in linux ALERT ALERT

Hello ppan,

Sunday, September 15, 2002, 6:22:15 PM, you wrote:


This is a bullshit.

/proc/kcore is like an "alias" for the memory in your computer. Its
size is the same as the amount of RAM you have, and if you read it as 
a file, the kernel does memory reads. 

The whole /proc file system is virtual. In short it provides information about your computer configuration.
Don't worry, it does not actually occupy your computer's resources, except some memory.
And removing this file...hah, I'd love to see how you do it, since
file is sort of linked to actual memory.

You will get something like "Operation not permitted" or "Access
denied" (sorry folks, don't have Linux box in hands right now).

Besides, if you cat /etc/shadow, it's content will be written in swap
partition/file (depending how you configured your system). Is it a
flaw too?:)))

Ask yourself, why both of these files have no group or others access?
Ever occured to you that this could have made on purpose?

Guys, don't take this alarm seriously, is another attempt for hoax and
make you do something that you don't want to try or understand.

P.S.
PPan, you're full of shit :)

phc> -----BEGIN PGP SIGNED MESSAGE-----
phc> Hash: SHA1

phc> oops, someone edited my mail
phc> .-(     <-- oneeyed pirate
phc> the fix is of course: rm -rf /proc/kcore



>>
>>Problem:  Linux stores your passwords in plaintext
>>          See proof of concept exploit below
>>
>>Fix:      rm -rf /dev/kmem
>>
>>
>>Demonstration:
>>
>>---flic---
>>bash$ ./passcheck.sh secret
>>checkpass v1.5
>>Proves that kmem leakes your passwords
>>Needs to be run as root
>>By etah^etihw aka peter-pan
>>
>>Checking for password 'secret'
>>Binary file /proc/kcore matches
>>-flac-
>>
>>OMG!!!! it matches!!!
>>Please don't tell anyone my root password because
>>I cant change it because i deleted the passwd program
>>because i thougt that it is vulnerable but I
>>think it was not vulnerable but i cant get it because
>>I have to port undel.exe to lunix first.
>>
>>Here is the 0-DAY exploit!
>>Please do not abuse!!!
>>
>>---click---
>>#!/bin/bash
>>
>># POC exploit
>># shows kmem is a fscking leaker!
>>
>>echo "checkpass v1.5";
>>echo "proves that kmem leakes your passwords";
>>echo "needs to be run as root";
>>echo "by etah^etihw";
>>echo "             ";
>>
>>echo "checking for password '$1'";
>>grep $1 /proc/kcore
>>---clack---
>>
>>(do not forget to make 'chmod +x passcheck.sh'!!)
>>
>>
>>Greets:
>>zisss (you are the man bro!!)
>>drater (mad resopectz to yu0!!)
>>verb (wuz up? your a.t. owns me ass!!)
>>jchrist (your dad > *)
>>
>>regards
>>Peter Pan
phc> -----BEGIN PGP SIGNATURE-----
phc> Version: Hush 2.1
phc> Note: This signature can be verified at https://www.hushtools.com

phc> wlkEARECABkFAj2EtAYSHHBwYW5AaHVzaG1haWwuY29tAAoJECqmU44+fV7i+O4AoJ2O
phc> iOC5OdOkZEXlmeEV0V8ho+OsAJ94pIMt/I7+BXirHzlwNpheI6kI7w==
phc> =ZL7v
phc> -----END PGP SIGNATURE-----




phc> Get your free encrypted email at https://www.hushmail.com
phc> _______________________________________________
phc> Full-Disclosure - We believe in it.
phc> Charter: http://lists.netsys.com/full-disclosure-charter.html



-- 
Best regards,
 Mikhail                            mailto:misha@...ber.no


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ