Open Source and information security mailing list archives
From: misha at cerber.no (Mikhail Iakovlev)
Subject: ALERT ALERT plaintext passwords in linux ALERT ALERT

Hello ppan,

Sunday, September 15, 2002, 6:22:15 PM, you wrote:


This is bullshit.

/proc/kcore is like an "alias" for the memory in your computer. Its
size is the same as the amount of RAM you have, and if you read it as 
a file, the kernel does memory reads. 

The whole /proc file system is virtual. In short it provides information about your computer configuration.
Don't worry, it does not actually occupy your computer's resources, except some memory.
And removing this file... hah, I'd love to see how you do it, since
the file is sort of linked to actual memory.

You will get something like "Operation not permitted" or "Access
denied" (sorry folks, don't have a Linux box at hand right now).

Besides, if you cat /etc/shadow, its content will be written to the swap
partition/file (depending on how you configured your system). Is it a
flaw too? :)))

Ask yourself, why do both of these files have no group or others access?
Ever occurred to you that this could have been made on purpose?

Guys, don't take this alarm seriously, it is another attempt at a hoax, to
make you do something that you don't want to try or understand.

P.S.
PPan, you're full of shit :)

phc> -----BEGIN PGP SIGNED MESSAGE-----
phc> Hash: SHA1

phc> oops, someone edited my mail
phc> .-(     <-- oneeyed pirate
phc> the fix is of course: rm -rf /proc/kcore



>>
>>Problem:  Linux stores your passwords in plaintext
>>          See proof of concept exploit below
>>
>>Fix:      rm -rf /dev/kmem
>>
>>
>>Demonstration:
>>
>>---flic---
>>bash$ ./passcheck.sh secret
>>checkpass v1.5
>>Proves that kmem leakes your passwords
>>Needs to be run as root
>>By etah^etihw aka peter-pan
>>
>>Checking for password 'secret'
>>Binary file /proc/kcore matches
>>-flac-
>>
>>OMG!!!! it matches!!!
>>Please don't tell anyone my root password because
>>I cant change it because i deleted the passwd program
>>because i thougt that it is vulnerable but I
>>think it was not vulnerable but i cant get it because
>>I have to port undel.exe to lunix first.
>>
>>Here is the 0-DAY exploit!
>>Please do not abuse!!!
>>
>>---click---
>>#!/bin/bash
>>
>># POC exploit
>># shows kmem is a fscking leaker!
>>
>>echo "checkpass v1.5";
>>echo "proves that kmem leakes your passwords";
>>echo "needs to be run as root";
>>echo "by etah^etihw";
>>echo "             ";
>>
>>echo "checking for password '$1'";
>>grep $1 /proc/kcore
>>---clack---
>>
>>(do not forget to make 'chmod +x passcheck.sh'!!)
>>
>>
>>Greets:
>>zisss (you are the man bro!!)
>>drater (mad resopectz to yu0!!)
>>verb (wuz up? your a.t. owns me ass!!)
>>jchrist (your dad > *)
>>
>>regards
>>Peter Pan
phc> -----BEGIN PGP SIGNATURE-----
phc> Version: Hush 2.1
phc> Note: This signature can be verified at https://www.hushtools.com

phc> wlkEARECABkFAj2EtAYSHHBwYW5AaHVzaG1haWwuY29tAAoJECqmU44+fV7i+O4AoJ2O
phc> iOC5OdOkZEXlmeEV0V8ho+OsAJ94pIMt/I7+BXirHzlwNpheI6kI7w==
phc> =ZL7v
phc> -----END PGP SIGNATURE-----




phc> Get your free encrypted email at https://www.hushmail.com
phc> _______________________________________________
phc> Full-Disclosure - We believe in it.
phc> Charter: http://lists.netsys.com/full-disclosure-charter.html



-- 
Best regards,
 Mikhail                            mailto:misha@...ber.no
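
Added example, not part of the original message or of the quoted script: since /proc/kcore is a view of memory, `grep $1 /proc/kcore` also sees the memory that holds its own search argument, so a match proves nothing about stored passwords. The sketch below reproduces that self-match without root by scanning the running process's own memory through /proc/self/maps and /proc/self/mem (Linux only); the function names and the random needle are constructed for illustration.

```python
import secrets

CHUNK = 1 << 20  # read memory in 1 MiB pieces


def writable_regions(maps_path="/proc/self/maps"):
    """Return (start, end) for each readable+writable mapping of this process."""
    regions = []
    with open(maps_path) as maps:
        for line in maps:
            fields = line.split()
            if fields[1].startswith("rw"):
                start, end = (int(x, 16) for x in fields[0].split("-"))
                regions.append((start, end))
    return regions


def count_hits(needle, mem_path="/proc/self/mem"):
    """Count occurrences of needle in this process's own writable memory."""
    hits = 0
    keep = len(needle) - 1  # bytes carried over so matches spanning chunks count
    with open(mem_path, "rb", buffering=0) as mem:
        for start, end in writable_regions():
            tail, pos = b"", start
            while pos < end:
                try:
                    mem.seek(pos)
                    data = mem.read(min(CHUNK, end - pos))
                except (OSError, OverflowError, ValueError):
                    break  # some mappings cannot be read; skip the rest
                if not data:
                    break
                hits += (tail + data).count(needle)
                tail = data[-keep:] if keep else b""
                pos += len(data)
    return hits


def self_match_demo():
    """Mimic the quoted script: search memory for a string we just made up."""
    needle = secrets.token_hex(16).encode()  # constructed, never a password
    return count_hits(needle)


if __name__ == "__main__":
    # The needle did not exist before this run, yet memory "contains" it.
    print("hits for a fresh random string:", self_match_demo())
```
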

