Ubuntu-Chicago Found a hole...

Freddy Martinez freddymartinez9 at gmail.com
Thu Nov 16 01:26:04 GMT 2006

Yea i'd approach the school with the security hole and tell them to fix it
before they find you out you saw the hole. White hat cracking :). I don't
know much about networking though.

On 11/15/06, Eric O'Neal <fyedernoggersnodden at gmail.com> wrote:
> Mmkay, at my University, SSH access to the UNIX servers (With limited
> privilidges, of course) is dolled out freely to all students (I don't think
> it should be, but whatever).  All they have to do is log onto a web
> interface, set a shell, and voila.
> A friend and I, for some reason or another, logged on the other night.
> Out of sheer curiosity, I cd'd into the root directory to see what all I had
> read access to.  Just about everything, it seems.  Being a comp. sci.
> student interested in how things are secured, I view the /etc/passwd file.
> Shaddowed.  Good.
> Here's the kicker.  My buddy, with the same non-malicious curiosity, typed
> "ypcat".
> Wham.  The encrypted passwords of 9,000 or so users hit his LCD, coming
> stright from the NIS Domain server, core of the University's authentication
> system (The Windows domain copies the NIS domain).
> !!?!
> I downloaded John the Ripper and had some fun with it, finding 30 or so
> blank passwords, among others.  However, I have no reason to keep those
> passwords, as I've never been tempted to try and feel "powerful" by holding
> such data.  I deleted the encrypted pass's from my hard disk an hour later,
> but the security hole is still there.
> I don't know much about NIS, so I installed a server on my Ubuntu box, and
> cliented my FreeBSD box to test it.  When I do "ypcat" from my client here
> at home, it doesn't display the passwords, but a little friendly 'x' instead
> amongst the user data.  They seem to be shaddowed off, or something of that
> sort.
> Like I said, NIS is a black box to me.  Is my Ubuntu ypserve really immune
> to getting passwords via ypcat?  And, if so, would there be a simple way to
> shaddow off the passwords on a Solaris 7 server, which seems to be what
> they're running?
> This whole situation sounds dangerously similar to the gig Red_Herring got
> himself into a while back at his high school... how'd his hearing go, btw?
> I work programming for one the departments, and my friend works in campus
> IT, so I think we'll be okay if we go talk to the admin about it (I'd like
> to know it's solvable first), though we may have technically violated the
> policy already.
> Cheerio and advice welcome,
> SigmaX
> PS:  Sry I haven't made it to a meeting.  I'm in SW Michigan, remember,
> and so bogged down with classes that I didn't even realize there was a chat
> meeting 'till it was too late...
> --
> My home page:  http://www.SigmaX.org
> "ttocs laeno cire oshkosh b'gosh fyedernoggersnodden nicht stein bon
> probiscus"
> "Education is what remains after one has forgotten everything he learned
> in school"
>               -- Albert Einstein
> --
> Ubuntu-us-chicago mailing list
> Ubuntu-us-chicago at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-us-chicago

-Freddy Martinez-
Kubuntu. [GNU/]Linux for human beings.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ubuntu.com/archives/ubuntu-us-chicago/attachments/20061115/437d97ec/attachment.htm 

More information about the Ubuntu-us-chicago mailing list