[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] Re: ADVISORY: shadow file vulnerability:cause & workaround
- Subject: [cobalt-security] Re: ADVISORY: shadow file vulnerability:cause & workaround
- From: "Troy Arnold" <cobalt@xxxxxxxxxxxxxx>
- Date: Wed, 13 Feb 2002 10:59:18 -0800
- Organization: websetters, inc.
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi. Okay. Ran the recommended chmod on my shadow files since the this system
was setup and all of the sites were imported with CMU some time ago.
I downloaded the patch from Jeffs site...
Fix for CMU security problem, as root do the following:
$ wget ftp://ftp.cobaltnet.com/pub/users/jeffb/cmu/shadowfix.patch
$ patch -p0 shadowfix.patch
But when I run the command
$ patch -p0 shadowfix.patch
My system just sits there and does nothing, no response, nothing. I run top
and it is not in the process list. Anyone have a similar problem? Ideas?
Anyone hacked because of this yet? I was on vacation for a week and just
returned so I am afraid my RAQ has been really vulnerable for the last week
(since everyone was notified of the issue). We setup this machine using CMU
and never thought twice to check the shadow permissions (until the
discussion camed up under another thread over the last month or so). Is
there a general notification about this out there somewhere beside the
security lists?
Thanks in advance & best regards,
Troy Arnold