-----BEGIN PGP SIGNED MESSAGE-----

Subject: Caldera Security Advisory SA-1997.09: /var/log/messages vulnerability 

Caldera Security Advisory SA-1997.09

Original report date:  25-Jun-1997 (actually much earlier)
Original issue date:    8-Jul-1997
Last revised:          22-Jul-1997

Topic: /var/log/messages vulnerability

I. Problem Description

  On systems such as Caldera Network Desktop 1.0 and OpenLinux 1.0,
  the file /var/log/messages is readable by all users.

  Passwords inadvertently mis-typed at the "login:" prompt are recorded
  in this log file thus making passwords available or easy to guess.

  For this vulnerability to be exposed, the system must have the file
  /var/log/messages world readable.

II. Impact

  Passwords inadvertently mis-typed at the "login:" prompt (either by
  hand or via PPP login scripts) are recorded in this log file thus
  making them publicly available or at least easy to guess.

  Other security related information may be recorded in this file.

III. Solution

  As a permanent fix, make the log file un-readable by others with the
  following command:

    chmod go-rwx /var/log/messages

  Caldera OpenLinux 1.1 is shipped in this state.

IV. References / Credits

  This and other Caldera security resources are located at:

    http://www.caldera.com/tech-ref/security/

  Cataloged on "Reptile's Linux Security Page":
  
    http://www.users.interport.net/~reptile/linux/

  One exploit is available from Dave G. (12/06/96) <daveg@escape.com>
  at the above web page.

  This advisory closes Caldera's internal bug report #814 reported
  by Erik Ratcliffe.

  $Id: SA-1997.09,v 1.4 1997/07/22 17:19:31 ron Exp $

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv

iQCVAwUBM9Txaen+9R4958LpAQHkUQQAj/Rmu7o/Vzq9t60nxj34FJmoqJIyum0A
ig3dJPFeIY5cccMZjoVQG7xJWoi4SEx5P7bHO4hEzH54tQahc5tSc4Lemj3zETYO
pz0NbWZFBJM1pzyMx1QKrGVkVQ+NLN7DwkBIWw2Tb1MEy8qk10nZ0zjQhKlauMSa
eueAzXsyW+Y=
=AlFk
-----END PGP SIGNATURE-----