[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] Re: ADVISORY: shadow file vulnerability:cause & workaround

Subject: [cobalt-security] Re: ADVISORY: shadow file vulnerability:cause & workaround
From: "Troy Arnold" <cobalt@xxxxxxxxxxxxxx>
Date: Wed, 13 Feb 2002 10:59:18 -0800
Organization: websetters, inc.
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hi. Okay. Ran the recommended chmod on my shadow files since the this system
was setup and all of the sites were imported with CMU some time ago.

I downloaded the patch from Jeffs site...
Fix for CMU security problem, as root do the following:
$ wget ftp://ftp.cobaltnet.com/pub/users/jeffb/cmu/shadowfix.patch
$ patch -p0 shadowfix.patch

But when I run the command
$ patch -p0 shadowfix.patch

My system just sits there and does nothing, no response, nothing. I run top
and it is not in the process list. Anyone have a similar problem? Ideas?

Anyone hacked because of this yet? I was on vacation for a week and just
returned so I am afraid my RAQ has been really vulnerable for the last week
(since everyone was notified of the issue). We setup this machine using CMU
and never thought twice to check the shadow permissions (until the
discussion camed up under another thread over the last month or so). Is
there a general notification about this out there somewhere beside the
security lists?

Thanks in advance & best regards,
Troy Arnold

Follow-Ups:
- SV: [cobalt-security] Re: ADVISORY: shadow file vulnerability:cause & workaround
  - From: Kai r. s., euroweb as

Prev by Date: Re: [cobalt-security] CMU Security problem [ /etc/shadow permissions ]
Next by Date: Re: [cobalt-security] Apache running as root . . . .
Previous by thread: [cobalt-security] SNMP advisory at CERT
Next by thread: SV: [cobalt-security] Re: ADVISORY: shadow file vulnerability:cause & workaround

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index