Re: [cobalt-security] fun with /usr/lib/authenticate
- Subject: Re: [cobalt-security] fun with /usr/lib/authenticate
- From: "Jonathan Michaelson" <michaelsonjd@xxxxxxxxxxx>
- Date: Fri, 23 Aug 2002 19:11:21 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hello Graeme,
> > Tried the exploit on an up to date RaQ4 and the exploit
> > did not work. It was able to do everything except the
> > most important bit which was to get a CRON job to run
> > to allow root access. Maybe the exploit is crippled?
>
> In the best tradition of public full disclosure, indeed it is. You need a
> smattering of shell scripting knowledge to work out where the fault is. And
> if you read your email after running the script, it's made extremely clear
> ;-)
Got it - it works nicely now.
> BTW I ran it on a patched right-up-to-the-one-before-the-SHP debacle RaQ4,
> and it worked right-out-the-box. I have, however, long since ceased to be
> surprised by these things. In my experience, if you have interactive shell
> access as any user, you have root already.
>
> Lesson to be learned here is: don't give users shell access, unless you
> absolutely trust them.
I couldn't agree more.
--
Regards,
Jonathan Michaelson
Commercial CGI Scripting, Web Hosting
Web-based Email, Homepage Creation and Live Help products
http://www.webumake.com