
[cobalt-security] ADVISORY: shadow file vulnerability: cause & workaround



We've determined during actual production testing that the CMU restore
mode is setting the Cobalt /etc/shadow file to be world-readable.

While we determined this during the first few minutes of a lengthy
restore, we were unwilling to change it back because we didn't know if
and how this would affect the restoration.

This creates a security issue in that a world-readable shadow file
allows possible exposure of all your system and user passwords to any
malicious intruder.

Most passwords, created by security-insensitive users, and even many
admin/root passwords, can be completely cracked in several hours or less
using freely available code such as John the Ripper.

Nobaloney.Net suggests the following workaround:

Before restoring files to your Cobalt RaQ appliance using the CMU you
should remove your Cobalt RaQ from the public Internet if at all
possible.

Immediately after the CMU is finished running, you should run the
following two commands on your RaQ (as root):

# chmod 400 /etc/shadow
# chmod 600 /etc/shadow-

We have notified the proper personnel at Sun/Cobalt of this
vulnerability, but have not yet received a reply.

Jeff
-- 
Jeff Lasman <jblists@xxxxxxxxxxxxx>
Linux and Cobalt/Sun/RaQ Consulting
nobaloney.net
P. O. Box 52672, Riverside, CA  92517
voice: (909) 778-9980  *  fax: (702) 548-9484
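
The following post-restore check is an added example, not part of the original advisory or any Sun/Cobalt tooling. It reports shadow files that are readable by group or other and resets them to the modes given in the workaround above. The function names and the directory argument are hypothetical, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: audit shadow-file modes after a CMU restore and
# reset them to the modes from the advisory's workaround.

# Mode the advisory prescribes for each file.
want_mode() {
    case "$1" in
        shadow)  echo 400 ;;
        shadow-) echo 600 ;;
    esac
}

# fix_shadow_modes [DIR]
# DIR defaults to /etc; the argument exists so the check can be
# exercised against a scratch directory (an assumption of this example).
# Prints the number of files that were exposed and corrected.
fix_shadow_modes() {
    dir=${1:-/etc}
    fixed=0
    for name in shadow shadow-; do
        f="$dir/$name"
        # A symlink here is unexpected; report it and do not chmod through it.
        if [ -L "$f" ]; then
            echo "SKIPPED: $f is a symlink" >&2
            continue
        fi
        [ -f "$f" ] || continue
        mode=$(stat -c '%a' "$f") || return 2   # GNU stat assumed
        # Any bit set in the group/other positions means exposure.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "EXPOSED: $f is mode $mode" >&2
            chmod "$(want_mode "$name")" "$f" || return 2
            fixed=$((fixed + 1))
        fi
    done
    echo "$fixed"
}

# Run as root on the appliance, e.g.:  sh thisfile.sh /etc
if [ "$#" -gt 0 ]; then
    fix_shadow_modes "$1"
fi
```

A non-zero count means the files were readable by other accounts for some period, so the passwords stored in them are worth rotating.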