exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

caldera.coas.shadow.txt

caldera.coas.shadow.txt
Posted Aug 17, 1999

All versions of COAS (Caldera Open Administration Tool) previous to coas-1.0-8 may make /etc/shadow world readable. Vendor solutions and upgrade information included.

tags | exploit
SHA-256 | fc34ff51f6f40b67054ae729042ed711e9cee7849b9b0be4cfc24c4c21f3fbd2

caldera.coas.shadow.txt

Change Mirror Download
Date: Tue, 27 Apr 1999 20:26:16 -0600
From: synapse <syn@TOXYGENE.MADSCIENCE.NU>
To: BUGTRAQ@netspace.org
Subject: Caldera Advisory

Heya Aleph,

Not sure if this had come accross the list.


-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________
Caldera Systems, Inc. Security Advisory

Subject: COAS
Advisory number: CSSA-1999:009.0
Issue date: 1999 04 27
Cross reference:
______________________________________________________________________________


1. Problem Description

/etc/shadow may get world readable


2. Vulnerable Versions

Systems: OpenLinux 2.2.
Packages: previous to coas-1.0-8


3. Solutions


The proper solution is to upgrade to the coas-1.0-8 package.
If /etc/shadow is world-readable, this is fixed with

chmod 600 /etc/shadow


4. Location of Fixed Packages

The upgrade packages can be found on Caldera's FTP site at:

ftp://ftp.calderasystems.com/pub/OpenLinux/updates/2.2/current/RPMS/

The corresponding source code package can be found at:

ftp://ftp.calderaystems.com/pub/OpenLinux/updates/2.2/current/SRPMS


5. Installing Fixed Packages

Upgrade the affected packages with the following commands:

rpm -q coas && rpm -U coas-1.0-8.i386.rpm


6. Verification

The MD5 checksums (from the "md5sum" command) for these packages are:

1efa8cde40f5684293e03c2499f2f59f README
b3fa473f6ba574052991bf2254bd378d RPMS/coas-1.0-8.i386.rpm
3bfa00aa3230f97537e8baa2c0454d08 SRPMS/coas-1.0-8.src.rpm


7. References

This and other Caldera security resources are located at:

http://www.calderasystems.com/news/security/index.html

Additional documentation on this problem can be found in:


This security fix closes Caldera's internal Problem Report 4544.


8. Disclaimer

Caldera Systems, Inc. is not responsible for the misuse of any of the
information we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended to
promote secure installation and use of Caldera OpenLinux.

______________________________________________________________________________


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

iQCVAwUBNyW4/+n+9R4958LpAQHntgP/cHhIOaKUPRfeBOtMQP7lZ2NQlEPrqzkq
cu/Q9IvIqrvm/mFikznaMTdehz0Jql2NuY2Zjs0MUdF0Rm7KsgBQ6BYX+10GAE2W
HAZIuYQ2zeM2acGcrvzGYExkKmrLOfhD77V9l7rZ9WieQO7B8vmj5N4nGdkUNz2U
j+AigG8FJNI=
=O2I/
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close