COMMAND
telnet
SYSTEMS AFFECTED
RedHat 4.0
PROBLEM
Remote users can find out which accounts exist on the system by
using login services (telnet, for example). When login gets an
unknown-username error from the PAM library, it exits immediately
instead of prompting again.
Example:
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Red Hat Linux release 4.0 (Colgate)
Kernel 2.0.24 on an i586
login: bug
Password:
Login incorrect
Connection closed by foreign host.
When submitted with a correct username, login will behave
normally:
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Red Hat Linux release 4.0 (Colgate)
Kernel 2.0.24 on an i586
login: root
Password:
Login incorrect
login:
login:
login:
login:
SOLUTION
This has been fixed in util-linux-2.5-34
http://www.redhat.com/support/docs/rhl/rh41-errata-general.html#NetKit-B,util-linux,passwd
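
The difference between the two transcripts above, modelled as an added example (not code from util-linux or from the original advisory). The result codes, the retry limit, the account data and the function names are assumptions made for the demonstration. It shows one way to remove the difference, by handling an unknown user exactly like a bad password:

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for the results login gets back from the
   authentication library; these are not the real PAM constants. */
enum auth_result { AUTH_OK, AUTH_BAD_PASSWORD, AUTH_USER_UNKNOWN };

#define MAX_TRIES 3   /* assumed retry limit */

/* Constructed account database: only "root" exists. */
static enum auth_result check(const char *user, const char *pw) {
    if (strcmp(user, "root") != 0)
        return AUTH_USER_UNKNOWN;
    return strcmp(pw, "s3cret") == 0 ? AUTH_OK : AUTH_BAD_PASSWORD;
}

/* Number of "Login incorrect" messages the remote side sees before
   the session ends (0 means the login succeeded).
   hardened == 0 reproduces the behaviour in the advisory: the session
   dies on the first unknown username.
   hardened != 0 re-prompts the same way for both kinds of failure. */
int failed_prompts(const char *user, const char *pw, int hardened) {
    int shown = 0;
    for (int i = 0; i < MAX_TRIES; i++) {
        enum auth_result r = check(user, pw);
        if (r == AUTH_OK)
            return 0;
        shown++;                        /* "Login incorrect" */
        if (r == AUTH_USER_UNKNOWN && !hardened)
            break;                      /* early exit: reveals the name is unknown */
    }
    return shown;
}

/* 1 if what the remote side observes differs between a nonexistent
   account and an existing account given a wrong password. */
int leaks(int hardened) {
    return failed_prompts("bug", "x", hardened) !=
           failed_prompts("root", "x", hardened);
}

int main(void) {
    printf("original behaviour leaks: %d\n", leaks(0));
    printf("uniform handling leaks:   %d\n", leaks(1));
    return 0;
}
```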