Vigil@nce: Slackware, denial of service via lastlog/faillog
April 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
On Slackware, a local attacker can use the lastlog/faillog
commands to change the authentication failure limits, so that the
administrator can no longer access the system.
– Severity: 1/4
– Creation date: 11/04/2011
IMPACTED PRODUCTS
- Slackware Linux
DESCRIPTION OF THE VULNERABILITY
The lastlog command displays information about the last login of
each user. The faillog command displays the authentication failures
recorded for each account.
The faillog command also allows the administrator to set the
maximum number of authentication failures tolerated before an
account is locked.
However, on Slackware, this feature is available to all users, not
only to the administrator. A local attacker can thus set a very low
failure limit on an account (including root), and then deliberately
fail to authenticate to that account, in order to lock it.
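The following audit script is an added example written for this page; it is not part of the Vigil@nce bulletin and is not Slackware's fix. It shows two checks an administrator can run on a host: whether the lastlog/faillog binaries or the faillog database carry permission bits (setuid, setgid, world-writable) that would let an unprivileged user alter the records, and whether any account already has a suspiciously small "Maximum" value of the kind an attacker would set before triggering a lockout. The bulletin does not state which permission is wrong on Slackware, so the permission check is a generic heuristic; the function names and the sample `faillog -a` output are constructed for the example.

```shell
#!/bin/sh
# Added audit example (not from the Vigil@nce bulletin or Slackware).
# Helper names are hypothetical; SAMPLE_FAILLOG is constructed, not captured.

# check_perms FILE
# Prints one line per finding (setuid, setgid, world-writable) and returns 0
# if anything was found, 1 otherwise. A missing file is reported and counts
# as "no finding".
check_perms() {
    f=$1
    found=1
    [ -e "$f" ] || { echo "missing: $f"; return 1; }
    if [ -u "$f" ]; then echo "setuid: $f"; found=0; fi
    if [ -g "$f" ]; then echo "setgid: $f"; found=0; fi
    # Character 9 of `ls -ld` output is the "others" write bit; this avoids
    # the GNU-only `stat -c`.
    case $(ls -ld "$f" | cut -c9) in
        w) echo "world-writable: $f"; found=0 ;;
    esac
    return $found
}

# suspicious_limits [THRESHOLD]
# Reads `faillog -a` output on stdin and prints "login maximum" for every
# account whose Maximum is a small positive number (default: 1..3).
# In faillog, a Maximum of 0 means "no limit", so 0 is never flagged; a
# small non-zero value is what an attacker would set before deliberately
# failing logins to lock the account.
suspicious_limits() {
    threshold=${1:-3}
    # Column layout of faillog -a: Login Failures Maximum Latest ... On
    awk -v t="$threshold" 'NR > 1 && $3 > 0 && $3 <= t { print $1, $3 }'
}

# Constructed sample of `faillog -a` output for demonstration only.
SAMPLE_FAILLOG='Login       Failures Maximum Latest                   On
root            0        0   01/01/70 00:00:00 +0000
alice           2        1   04/11/11 10:15:02 +0000  tty1
bob             0        0   01/01/70 00:00:00 +0000'

# Stand-alone run: audit the usual paths, then the sample database listing.
for f in /usr/bin/lastlog /usr/bin/faillog /var/log/faillog; do
    check_perms "$f" || :
done
printf '%s\n' "$SAMPLE_FAILLOG" | suspicious_limits 3
```

On a live host, replace the sample with `faillog -a | suspicious_limits`. An account that has already been locked this way can be reset by the administrator with `faillog -r -u LOGIN`, which clears its failure counter; the permission findings are what to fix so that the limit cannot be lowered again by an unprivileged user.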
On Slackware, a local attacker can therefore use the
lastlog/faillog commands to change the authentication failure
limits, so that the administrator can no longer access the system.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Slackware-denial-of-service-via-lastlog-faillog-10531