
WARNING: ppp-2.3.11-1.4 bypassing authentication



Hello,

bug #61717 (3 Apr 2000) reported to the bug tracking system
is still alive.  It is rated "normal" here, but if you ask
me, it should be "security alert" - or some such ...


Description:

pppd is being called by mgetty as:
/usr/sbin/pppd auth -chap +pap login debug


Sep 26 20:31:11 bgsz pppd[19748]: pppd 2.3.11 started by a-ppp, uid 0
Sep 26 20:31:11 bgsz pppd[19748]: Using interface ppp0
Sep 26 20:31:11 bgsz pppd[19748]: Connect: ppp0 <--> /dev/ttyD1
Sep 26 20:31:11 bgsz pppd[19748]: sent [LCP ConfReq id=0x1 <asyncmap 0x0>
<auth pap> <magic 0xc6dba499> <pcomp> <accomp>]
^^^^^^^^^^
Sep 26 20:31:12 bgsz pppd[19748]: rcvd [LCP ConfNak id=0x1 <auth chap 81>]
                                            ^^^^^^^         ^^^^^^^^^^^^^
Sep 26 20:31:12 bgsz pppd[19748]: sent [LCP ConfReq id=0x2 <asyncmap 0x0>
<magic 0xc6dba499> <pcomp> <accomp>]
Sep 26 20:31:12 bgsz pppd[19748]: rcvd [LCP ConfAck id=0x2 <asyncmap 0x0>
<magic 0xc6dba499> <pcomp> <accomp>]
Sep 26 20:31:14 bgsz pppd[19748]: rcvd [LCP ConfReq id=0x0 <asyncmap 0x0>
<magic 0x5e70> <pcomp> <accomp> <callback CBCP>]
Sep 26 20:31:14 bgsz pppd[19748]: sent [LCP ConfRej id=0x0
<callback CBCP>]
Sep 26 20:31:14 bgsz pppd[19748]: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0>
<magic 0x5e70> <pcomp> <accomp>]
Sep 26 20:31:14 bgsz pppd[19748]: sent [LCP ConfAck id=0x1 <asyncmap 0x0>
<magic 0x5e70> <pcomp> <accomp>]
Sep 26 20:31:14 bgsz pppd[19748]: sent [LCP EchoReq id=0x0
magic=0xc6dba499]
Sep 26 20:31:14 bgsz pppd[19748]: sent [IPCP ConfReq id=0x1

[ .. stuff deleted .. ]

Sep 26 20:31:15 bgsz pppd[19748]: found interface eth0 for proxy arp
Sep 26 20:31:15 bgsz pppd[19748]: local  IP address 999.99.99.99
Sep 26 20:31:15 bgsz pppd[19748]: remote IP address 999.99.99.66
Sep 26 20:31:15 bgsz pppd[19748]: Script /etc/ppp/ip-up started
(pid 19867)
Sep 26 20:31:15 bgsz pppd[19748]: Script /etc/ppp/ip-up
finished (pid 19867), status = 0x0

The link is up now - and stays up.  There is NO authentication
through PAM going on.

(Bug report #61717 contains a more complete log)

---
Regards
Erich
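
Added example, not part of the original post and not code from pppd or Debian: a log check that flags the pattern shown above, where pppd requests authentication, the peer acks a ConfReq without the auth option, and the link still comes up. The sample lines are constructed (modelled on the log in the post, one message per line), and the "sent [PAP AuthAck" / "sent [CHAP Success" markers for a completed authentication are an assumption about pppd's debug output.

```python
import re

# syslog line: "... pppd[PID]: message"
LINE = re.compile(r"pppd\[(\d+)\]: (.*)")
# Assumption: pppd debug output logs a successful authentication like this.
AUTH_OK = ("sent [PAP AuthAck", "sent [CHAP Success")

def find_unauthenticated_links(lines):
    """Return PIDs of pppd sessions that asked for auth, had the peer ack
    a ConfReq without it, and brought the link up with no auth success."""
    state, flagged = {}, []
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = int(m.group(1)), m.group(2)
        s = state.setdefault(pid, {"asked": False, "acked_auth": None, "authed": False})
        if msg.startswith("sent [LCP ConfReq"):
            s["asked"] = s["asked"] or "<auth " in msg
        elif msg.startswith("rcvd [LCP ConfAck"):
            # The acked ConfReq is the one that takes effect.
            s["acked_auth"] = "<auth " in msg
        elif msg.startswith(AUTH_OK):
            s["authed"] = True
        elif msg.startswith("remote IP address"):
            dropped = s["asked"] and s["acked_auth"] is False
            if dropped and not s["authed"] and pid not in flagged:
                flagged.append(pid)
    return flagged

# Constructed sample: session 19748 follows the post, 20001 authenticates.
SAMPLE = """\
Sep 26 20:31:11 bgsz pppd[19748]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth pap> <magic 0xc6dba499> <pcomp> <accomp>]
Sep 26 20:31:12 bgsz pppd[19748]: rcvd [LCP ConfNak id=0x1 <auth chap 81>]
Sep 26 20:31:12 bgsz pppd[19748]: sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0xc6dba499> <pcomp> <accomp>]
Sep 26 20:31:12 bgsz pppd[19748]: rcvd [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0xc6dba499> <pcomp> <accomp>]
Sep 26 20:31:15 bgsz pppd[19748]: remote IP address 192.0.2.66
Sep 26 20:40:01 bgsz pppd[20001]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth pap> <magic 0x1a2b3c4d> <pcomp> <accomp>]
Sep 26 20:40:01 bgsz pppd[20001]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth pap> <magic 0x1a2b3c4d> <pcomp> <accomp>]
Sep 26 20:40:02 bgsz pppd[20001]: sent [PAP AuthAck id=0x1 "Login ok"]
Sep 26 20:40:03 bgsz pppd[20001]: remote IP address 192.0.2.67
""".splitlines()

if __name__ == "__main__":
    print(find_unauthenticated_links(SAMPLE))
```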


