[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] Fix for /usr/lib/authenticate vulnerability
- Subject: [cobalt-security] Fix for /usr/lib/authenticate vulnerability
- From: Eugene Crosser <crosser@xxxxxxxxxxx>
- Date: 25 Sep 2002 13:55:19 +0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Ok gentlemen,
I got tired of waiting for Sun to come up with a patch for the infamous
vulnerability in /usr/lib/authnticate and here are my recommendations:
1. Get RPM that contains the source for the program in question:
wget ftp://ftp-eng.cobalt.com/pub/unsupported/raq4/srpms/apache-1.3.20-RaQ4_1C1experimental.src.rpm
(it is an outdated RPM but never mind, we'll only use one program from
it that probably did not change)
2. Unpack the source:
rpm -ihv apache-1.3.20-RaQ4_1C1experimental.src.rpm
3. Go to the source directory:
cd /usr/src/redhat/BUILD/apache/mod_auth_pam_external-1.0a/authenticate
4. Remove "-pg" compiler option from the Makefile:
--- Makefile.orig Thu Jul 12 03:43:33 2001
+++ Makefile Wed Sep 25 13:34:52 2002
@@ -6,7 +6,7 @@
# LOCALFLAGS= compiler flags. Usually -g, -O, and stuff like that.
CC=gcc
-LOCALFLAGS= -g -I/usr/include -pg
+LOCALFLAGS= -g -I/usr/include
LIB=-lpam -ldl
# -------------------- No User Servicable Parts Below -----------------------
5. Build the binary:
make
6. Replace vulnerable binary with the newly built one:
# (run as root)
mv /usr/lib/authenticate /usr/lib/authenticate.orig
chmod -s /usr/lib/authenticate.orig
cp authenticate /usr/lib/
chmod u+s /usr/lib/authenticate
7. Verify the the exploit no longer works
Michael,
do you think you might build a package like you recently did for
mod_ssl?
Eugene