- Path: sparky!uunet!charon.amdahl.com!pacbell.com!decwrl!sdd.hp.com!cs.utexas.edu!uwm.edu!spool.mu.edu!yale.edu!yale!gumby!destroyer!news.iastate.edu!hobbes.physics.uiowa.edu!moe.ksu.ksu.edu!matt.ksu.ksu.edu!news
- From: probreak@matt.ksu.ksu.edu (James Michael Chacon)
- Newsgroups: comp.security.misc
- Subject: Re: Forging E-mail from root to get users to change passwords
- Date: 5 Nov 1992 00:20:50 -0600
- Organization: Kansas State University
- Lines: 21
- Message-ID: <1daeg2INN95t@matt.ksu.ksu.edu>
- References: <82930@ut-emx.uucp> <ratner.720811773@ficus.cs.ucla.edu> <92309.193737CXF111@psuvm.psu.edu>
- NNTP-Posting-Host: matt.ksu.ksu.edu
-
- Charles Fee <CXF111@psuvm.psu.edu> writes:
-
- >Why would a hacker (who apparently has root access) need to tell users to
- >change their password? On my system (Linux) all root has to do is wipe out
- >the users' old password and then the account is free. You could then log in
- >as that user without a password and run the passwd program to change it to
- >whatever the cracker feels like doing. Similarly, couldn't this also be
- >done to the root password as well? This is all assuming that there is a
- >normal /etc/passwd file. I don't know what the story is with Yellow Pages..
- >If a user has access to the passwd file, he can change the user's group ID to
- >0 too, no?
-
- >I'm curious as to (if the above is correct) what can be done to cut down the
- >chances of such an attack..
-
- I think you missed the point he was trying to make. Anyone with enough
- expertise can forge mail that looks to the normal user as if it came from
- root. I don't even have to have access to your machine, just your mail
- port to do this. Then, to joe-user it appears as if root sent the mail.
-
- James
-
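As an added example (not part of the original post or thread): a mail-side check for the situation James describes, flagging a message whose From: line claims local root although the receiving server recorded it as arriving over the mail port from another host. The domain, relay names, function names and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for illustration: site domain, trusted relays, privileged names.
LOCAL_DOMAIN = "cs.example.edu"
TRUSTED_RELAYS = {"localhost", "mail.cs.example.edu"}
PRIVILEGED_USERS = {"root"}
_FROM_HOST = re.compile(r"\s*from\s+([^\s;()]+)", re.IGNORECASE)

def claims_local_privileged_sender(msg):
    """True if From: names a privileged account at this site (or no domain)."""
    _, addr = parseaddr(msg.get("From", ""))
    user, _, domain = addr.lower().partition("@")
    return user in PRIVILEGED_USERS and domain in ("", LOCAL_DOMAIN)

def submitting_host(msg):
    """Host in the topmost Received: line, the one our own server added.
    Lower Received: lines come from upstream and can be forged."""
    received = msg.get_all("Received") or []
    match = _FROM_HOST.match(received[0]) if received else None
    return match.group(1).lower() if match else None  # None: local submission

def is_suspect(raw_message):
    """Flag mail that claims to be from local root but came in over SMTP."""
    msg = message_from_string(raw_message)
    host = submitting_host(msg)
    return (claims_local_privileged_sender(msg)
            and host is not None and host not in TRUSTED_RELAYS)

# Constructed sample messages (not real traffic).
FORGED = """\
Received: from dialup7.elsewhere.example by mail.cs.example.edu; Thu, 5 Nov 1992 00:10:00 -0600
From: root@cs.example.edu (System Administrator)
Subject: Password change

(constructed body)
"""
LOCAL = """\
Received: by mail.cs.example.edu; Thu, 5 Nov 1992 00:12:00 -0600
From: root@cs.example.edu
Subject: Disk quota report

(constructed body)
"""

if __name__ == "__main__":
    for name, raw in (("FORGED", FORGED), ("LOCAL", LOCAL)):
        print(name, "suspect" if is_suspect(raw) else "ok")
```

The host name after `from` is whatever the connecting client announced; where the server also records the connecting address in that line, match on the address instead.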