[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-security] fun with /usr/lib/authenticate

Subject: RE: [cobalt-security] fun with /usr/lib/authenticate
From: "Graeme Fowler" <graeme.fowler@xxxxxxxxxxxxxx>
Date: Fri, 23 Aug 2002 18:32:15 +0100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Jonathan Michaelson wrote:

> Tried the exploit on an up to date RaQ4 and the exploit
> did not work. It was able to do everything except the
> most important bit which was to get a CRON job to run
> to allow root access. Maybe the exploit is crippled?

In the best tradition of public full disclosure, indeed it is. You need a smattering of shell scripting knowledge to work out where the fault is. And if you read your email after running the script, it's made extremely clear ;-)

The fix is almost made extremely clear inside the exploit script.

BTW I ran it on a patched right-up-to-the-one-before-the-SHP debacle RaQ4, and it worked right-out-the-box. I have, however, long since ceased to be surprised by these things. In my experience, if you have interactive shell access as any user, you have root already.

Lesson to be learned here is: don't give users shell access, unless you absolutely trust them.

Graeme
-- 
Graeme Fowler
System Administrator
Host Europe Group PLC

Follow-Ups:
- Re: [cobalt-security] fun with /usr/lib/authenticate
  - From: Michael Stauber
- Re: [cobalt-security] fun with /usr/lib/authenticate
  - From: Jonathan Michaelson

Prev by Date: Re: [cobalt-security] fun with /usr/lib/authenticate
Next by Date: Re: [cobalt-security] fun with /usr/lib/authenticate
Previous by thread: Re: [cobalt-security] fun with /usr/lib/authenticate
Next by thread: Re: [cobalt-security] fun with /usr/lib/authenticate

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index