Message-ID: <1783071671.20020915193023@cerber.no>
From: misha at cerber.no (Mikhail Iakovlev)
Subject: ALERT ALERT plaintext passwords in linux ALERT ALERT
Hello ppan,
Sunday, September 15, 2002, 6:22:15 PM, you wrote:
This is bullshit.
/proc/kcore is like an "alias" for the memory in your computer. Its
size is the same as the amount of RAM you have, and if you read it as
a file, the kernel does memory reads.
The whole /proc file system is virtual. In short it provides information about your computer configuration.
Don't worry, it does not actually occupy your computer's resources, except some memory.
And removing this file... hah, I'd love to see how you do it, since
the file is sort of linked to actual memory.
You will get something like "Operation not permitted" or "Access
denied" (sorry folks, don't have a Linux box at hand right now).
Besides, if you cat /etc/shadow, its content will be written to the swap
partition/file (depending on how you configured your system). Is it a
flaw too?:)))
Ask yourself, why do both of these files have no group or others access?
Ever occurred to you that this could have been done on purpose?
Guys, don't take this alarm seriously; it is another attempt at a hoax, to
make you do something that you don't want to try or understand.
P.S.
PPan, you're full of shit :)
phc> -----BEGIN PGP SIGNED MESSAGE-----
phc> Hash: SHA1
phc> oops, someone edited my mail
phc> .-( <-- oneeyed pirate
phc> the fix is of course: rm -rf /proc/kcore
>>
>>Problem: Linux stores your passwords in plaintext
>> See proof of concept exploit below
>>
>>Fix: rm -rf /dev/kmem
>>
>>
>>Demonstration:
>>
>>---flic---
>>bash$ ./passcheck.sh secret
>>checkpass v1.5
>>Proves that kmem leakes your passwords
>>Needs to be run as root
>>By etah^etihw aka peter-pan
>>
>>Checking for password 'secret'
>>Binary file /proc/kcore matches
>>-flac-
>>
>>OMG!!!! it matches!!!
>>Please don't tell anyone my root password because
>>I cant change it because i deleted the passwd program
>>because i thougt that it is vulnerable but I
>>think it was not vulnerable but i cant get it because
>>I have to port undel.exe to lunix first.
>>
>>Here is the 0-DAY exploit!
>>Please do not abuse!!!
>>
>>---click---
>>#!/bin/bash
>>
>># POC exploit
>># shows kmem is a fscking leaker!
>>
>>echo "checkpass v1.5";
>>echo "proves that kmem leakes your passwords";
>>echo "needs to be run as root";
>>echo "by etah^etihw";
>>echo " ";
>>
>>echo "checking for password '$1'";
>>grep $1 /proc/kcore
>>---clack---
>>
>>(do not forget to make 'chmod +x passcheck.sh'!!)
>>
>>
>>Greets:
>>zisss (you are the man bro!!)
>>drater (mad resopectz to yu0!!)
>>verb (wuz up? your a.t. owns me ass!!)
>>jchrist (your dad > *)
>>
>>regards
>>Peter Pan
phc> -----BEGIN PGP SIGNATURE-----
phc> Version: Hush 2.1
phc> Note: This signature can be verified at https://www.hushtools.com
phc> wlkEARECABkFAj2EtAYSHHBwYW5AaHVzaG1haWwuY29tAAoJECqmU44+fV7i+O4AoJ2O
phc> iOC5OdOkZEXlmeEV0V8ho+OsAJ94pIMt/I7+BXirHzlwNpheI6kI7w==
phc> =ZL7v
phc> -----END PGP SIGNATURE-----
phc> Get your free encrypted email at https://www.hushmail.com
phc> _______________________________________________
phc> Full-Disclosure - We believe in it.
phc> Charter: http://lists.netsys.com/full-disclosure-charter.html
--
Best regards,
Mikhail mailto:misha@...ber.no
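
An added example, not part of the original message or the quoted script: because /proc/kcore is a view of RAM, any string you search for "matches" simply because the searching process itself holds that string in memory. The sketch below shows the same effect without root by scanning the process's own memory through /proc/self/mem for a freshly generated random token that is no one's password; the function names are hypothetical and a Linux /proc is assumed.

```python
import os
import secrets


def readable_regions(maps_path="/proc/self/maps"):
    """Return (start, end) for every readable mapping of this process."""
    regions = []
    with open(maps_path) as maps:
        for line in maps:
            fields = line.split()
            if fields[1].startswith("r"):
                start, end = (int(x, 16) for x in fields[0].split("-"))
                regions.append((start, end))
    return regions


def memory_contains(needle: bytes, chunk: int = 1 << 20) -> bool:
    """Search this process's own memory for needle via /proc/self/mem."""
    keep = len(needle) - 1  # overlap so a match across chunks is not missed
    fd = os.open("/proc/self/mem", os.O_RDONLY)
    try:
        for start, end in readable_regions():
            tail, pos = b"", start
            while pos < end:
                try:
                    data = os.pread(fd, min(chunk, end - pos), pos)
                except (OSError, OverflowError):
                    break  # special mappings such as [vvar] cannot be read
                if not data:
                    break
                if needle in tail + data:
                    return True
                tail = data[-keep:] if keep else b""
                pos += len(data)
    finally:
        os.close(fd)
    return False


def search_for_fresh_token() -> bool:
    """A random token, never stored anywhere else, is still 'found'."""
    token = secrets.token_hex(16).encode()  # constructed sample value
    return memory_contains(token)


if __name__ == "__main__":
    print("random token found in memory:", search_for_fresh_token())
```

The match says nothing about where passwords are stored: the needle is found because the searcher put it in memory, which is also why the quoted script reports a match for whatever argument it is given.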