• info
• discussion
• exploit
• solution
• references

RedHat PAM NIS Locked Accounts Vulnerability

Under some network configurations it may be possible to access locked NIS accounts due to a vulnerability in the PAM authentication modules shipped with RedHat version 6.1. This can lead to a local compromise where the password is known for a locked account. RedHat 6.1 for Intel platforms is the only vulnerable version.