On Sunday 16 January 2005 22:24, Justin Pryzby wrote:
> On Sun, Jan 16, 2005 at 09:51:44PM +0200, Stefanos Harhalakis wrote:
> > Package: login
> > Version: 1:4.0.3-30.7
> > Severity: critical
> > Tags: security
> > Justification: root security hole
> >
> >
> > It seems that /var/log/btmp is created as a world readable file.
> > This is insecure (and it is reported by 'tiger') because this file
> > contains failed logins, including unknown usernames.
>
> Aren't the usernames always visible in /etc/password?
>
> > It is possible for a user to see the root password (and others too)
> > by running /usr/bin/lastb.
>
> lastb isn't showing me any passwords; just valid usernames as seen in
> passwd and dates.

It also contains unknown usernames. This includes any logins in which you've 
entered the password (or something else) as the username. If you enter 
"test123" as the username then the btmp will contain the word 'test123', which 
can be your root or user password.

> Justin
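As an added example (not part of the bug report or the login package), a small POSIX shell check an administrator could run to detect a world-readable btmp and tighten it. It assumes GNU stat(1) with `-c`; the path defaults to /var/log/btmp but can be overridden for testing.

```shell
#!/bin/sh
# Added example: detect and fix a world-readable btmp (failed-login log).
# Assumes GNU stat(1) ("-c '%a'" prints the octal mode), i.e. a Linux box.

# btmp_check [FILE]
#   returns 0 if FILE is not readable by "other" (safe),
#           1 if it is world-readable (the bug described in the report),
#           2 if FILE is missing or cannot be inspected.
btmp_check() {
    f="${1:-/var/log/btmp}"
    [ -e "$f" ] || return 2
    mode=$(stat -c '%a' "$f") || return 2
    # Last octal digit is the "other" permission triplet; bit 4 is read.
    other=$(( mode % 10 ))
    if [ $(( other & 4 )) -ne 0 ]; then
        echo "WARNING: $f is world-readable (mode $mode): failed-login" \
             "usernames, which may be mistyped passwords, are exposed" >&2
        return 1
    fi
    return 0
}

# btmp_harden [FILE]
#   Drops all "other" access. On Debian the convention for btmp is
#   root:utmp 0660 (assumption about the packaging default), so a full fix
#   would also run "chown root:utmp FILE" as root; chmod alone is enough to
#   close the read leak discussed in the report.
btmp_harden() {
    f="${1:-/var/log/btmp}"
    chmod o-rwx "$f"
}
```

Run `btmp_check` from a cron job or an audit script; a non-zero exit on a real system means lastb(1) output is readable by every local account.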