Date: Sun, 20 Dec 1998 01:15:59 -0800 (PST)
From: sysadmin@mfn.org
To: freebsd-gnats-submit@FreeBSD.ORG
Subject: i386/9141: Failed login attempts do not log (via syslog) until the next time a valid username is received.
Message-ID: <199812200915.BAA19812@hub.freebsd.org>

>Number:         9141
>Category:       i386
>Synopsis:       Failed login attempts do not log (via syslog) until the next time a valid username is received.
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Dec 20 01:20:01 PST 1998
>Last-Modified:
>Originator:     J.A. Terranson
>Organization:   Missouri FreeNet
>Release:        2.2.5-R
>Environment:

FreeBSD 2.2.5-RELEASE (SUPPORT) #0: Thu Dec 17 23:14:31 CST 1998

>Description:

Failed login attempts are not logged until a valid username is received, allowing a penetration attempt on a login-silent system (like a name server, where this occurred) to go on for extended periods of time unnoticed.

>How-To-Repeat:

On a quiescent system, make as many bad login attempts as you like, while watching the syslog output: it will be silent. Syslog will finally make its report immediately *after* a valid username is entered.

>Fix:

Report failed login attempts immediately, rather than trying to save syslog bytes by reporting only the cumulative total.

>Audit-Trail:
>Unformatted:
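
The two reporting policies contrasted in the report above, as an added example that is not part of the original message and is not FreeBSD's login(1) source. It is a hypothetical model (`struct audit`, `audit_attempt`, `audit_close` and the message strings are assumptions) showing how many records a syslog watcher sees after repeated bad usernames, plus a flush on hangup so a deferred count cannot be lost.

```c
#include <stdio.h>
#include <syslog.h>

/* Hypothetical model of the two policies; not FreeBSD login(1) source. */
enum policy { REPORT_DEFERRED, REPORT_IMMEDIATE };
struct audit {
    enum policy policy;
    int pending;  /* failures counted but not yet written to syslog */
    int emitted;  /* records handed to syslog so far */
};

/* Record one attempt; returns how many syslog records this call wrote. */
int audit_attempt(struct audit *a, const char *user, int valid_user)
{
    int before = a->emitted;
    if (!valid_user && a->policy == REPORT_IMMEDIATE) {
        syslog(LOG_AUTH | LOG_NOTICE, "LOGIN FAILURE for %s", user);
        a->emitted++;
    } else if (!valid_user) {
        a->pending++;  /* deferred: nothing reaches syslog yet */
    } else if (a->pending > 0) {
        /* deferred total is only reported once a valid username arrives */
        syslog(LOG_AUTH | LOG_NOTICE, "%d LOGIN FAILURE(S) before %s",
               a->pending, user);
        a->emitted++;
        a->pending = 0;
    }
    return a->emitted - before;
}

/* Call on hangup or exit: flushes a deferred count instead of dropping it. */
int audit_close(struct audit *a)
{
    if (a->pending == 0)
        return 0;
    syslog(LOG_AUTH | LOG_NOTICE, "%d LOGIN FAILURE(S), session closed", a->pending);
    a->emitted++;
    a->pending = 0;
    return 1;
}

/* Constructed scenario: n bad usernames and never a valid one. */
int records_after_bad_attempts(enum policy p, int n)
{
    struct audit a = { p, 0, 0 };
    for (int i = 0; i < n; i++)
        audit_attempt(&a, "nosuchuser", 0);
    return a.emitted;
}
int main(void) { printf("deferred=%d immediate=%d\n", records_after_bad_attempts(REPORT_DEFERRED, 25), records_after_bad_attempts(REPORT_IMMEDIATE, 25)); return 0; }
```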