COMMAND

    telnet

SYSTEMS AFFECTED

    RedHat 4.0

PROBLEM

    Remote Users can find out what accounts exist in system by using
    login services (telnet for example).  When login get's unknown
    username error from PAM library it will die immediately.

        Example:
        Trying 127.0.0.1...
        Connected to localhost.
        Escape character is '^]'.

        Red Hat Linux release 4.0 (Colgate)
        Kernel 2.0.24 on an i586
        login: bug
        Password:

        Login incorrect
        Connection closed by foreign host.

    When submitted with a correct username, login will behave
    normally:

        Trying 127.0.0.1...
        Connected to localhost.
        Escape character is '^]'.

        Red Hat Linux release 4.0 (Colgate)
        Kernel 2.0.24 on an i586
        login: root
        Password:
        Login incorrect

        login:
        login:
        login:
        login:

SOLUTION

    This has been fixed in util-linux-2.5-34

        http://www.redhat.com/support/docs/rhl/rh41-errata-general.html#NetKit-B,util-linux,passwd