HPUX rexecd bug on trusted system

Kevin K. Sochacki (kksocha@ERENJ.COM)
Fri, 05 Dec 1997 17:28:18 -0500

This is a multi-part message in MIME format.

Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7bit


I have discovered a bug in rexecd on system running HPUX 10.20 that have
been converted to trusted systems.

On unsuccessful login attempts via rexec/rexecd the bad login counter
(u_numunsuclog) is updated as it should, however on any successful login
the bad login counter does not get cleared. So if users inadvertently
miss type their password even once between successful logins they will
eventually be locked out. Lockouts should only occur when consecutive
unsuccessful logins exceed the allowed bad logins.

For those of you how have converted to a trusted system and have not
applied patch PHNE_12161 you are vulnerable to a brut force attack of
guessing password via rexec. Patch PHNE_12161 fix a problem of not
updating the bad login counter (u_numunsuclog) circumvent the lockout
feature of unsuccessful user logins.

This problem has been report to HP and is currently being addressed.

:)**************************(: Exxon Research & Engineering
(:    _/_/_/ _/_/     _/_/_/:) Kevin K. Sochacki
:)   _/     _/  _/   _/     (: ICS CC124 (908) 730-2911
(:  _/_/_/ _/ _/  & _/_/_/  :) mailto:kksocha@erenj.com
:) _/     _/_/     _/       (:   PERSONAL
(:_/_/_/ _/  _/   _/_/_/    :) mailto:kks@superlink.net
:)**************************(: http://mars.superlink.net/kks

--Boundary_(ID_q9pgeVeYDYMzgFc9RLLf+w) Content-type: text/x-vcard; name=vcard.vcf; charset=us-ascii Content-description: Card for Kevin Sochacki Content-disposition: attachment; filename=vcard.vcf Content-transfer-encoding: 7bit

begin: vcard fn: Kevin Sochacki n: Sochacki;Kevin org: Exxon Research & Engineering adr: Route 22 East;;;Annandale;NJ;08801;USA email;internet: kksocha@erenj.com title: Contractor tel;work: (908) 730-2911 tel;fax: (908) 730-3823 tel;home: (908) 874-8414 x-mozilla-cpt: ;0 x-mozilla-html: TRUE end: vcard