Date: Mon, 18 Feb 2002 09:49:16 -0800
From: security@caldera.com
To: bugtraq@securityfocus.com, announce@lists.caldera.com,
Subject: Security Update: [CSSA-2002-SCO.5.1] REVISION: Open UNIX, UnixWare 7, OpenServer: encrypted password disclosure
--Qxx1br4bt0+wmkIi
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
To: bugtraq@securityfocus.com announce@lists.caldera.com scoannmod@xenitec.=
on.ca=20
___________________________________________________________________________
Caldera International, Inc. Security Advisory
Subject: REVISION: Open UNIX, UnixWare 7, OpenServer: encrypted password d=
isclosure
Advisory number: CSSA-2002-SCO.5.1
Issue date: 2002 February 16
Cross reference: CSSA-2001-SCO.5
___________________________________________________________________________
1. Problem Description
The first version of this advisory specifically mentioned a
file that was, indeed, readable by others and contained the
encrypted root password, but the directories leading up to it
were not searchable. Therefore, it was not a true
vulnerability. After some research, Caldera has discovered
files that are accessible to others that do contain
information that might be used to compromise the system's
security.
=09
After installation of the product, several files are left
readable by all users. These files contain, among other
things, encrypted passwords.
2. Vulnerable Supported Versions
Operating System Version Affected Files
------------------------------------------------------------------
UnixWare 7 All /usr/ns-home/admserv/admpw=20
/usr/internet/httpd/admserv/admpw
Open UNIX 8.0.0 /usr/ns-home/admserv/admpw
/usr/internet/httpd/admserv/admpw
/var/sadm/pkg/update800/install/morepkgs/scripts/debug.out
OpenServer All /var/opt/K/SCO/link/*/.softmgmt/ccsPersistent/cqs.save.fi=
le
/var/opt/K/SCO/Vidconf/*/.softmgmt/ccsPersistent/iqm_file
3. Solution
3.1 UnixWare 7
Caldera recommends that all affected systems change
the file modes of the following files to be readable
only by root:
# chmod 400 /usr/ns-home/admserv/admpw
# chmod 400 /usr/internet/httpd/admserv/admpw
In addition, Caldera also recommends that you change
the root and owner passwords.
3.2 Open UNIX
Caldera recommends that all affected systems change
the file modes of the following files to be readable
only by root:
# chmod 400 /usr/ns-home/admserv/admpw
# chmod 400 /usr/internet/httpd/admserv/admpw
# chmod 400 /var/sadm/pkg/update800/install/morepkgs/scripts/debug.out
In addition, Caldera also recommends that you change
the root and owner passwords.
3.3 OpenServer
Caldera recommends that all affected systems change
the file modes of the following files to be readable
only by root:
# chmod 400 /var/opt/K/SCO/link/*/.softmgmt/ccsPersistent/cqs.save.file
# chmod 400 /var/opt/K/SCO/Vidconf/*/.softmgmt/ccsPersistent/iqm_file
In addition, Caldera also recommends that you change
the root password.
=09
4. References
ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.5.1/
This and other advisories are located at
http://stage.caldera.com/support/security
This advisory addresses Caldera Security internal incident
sr860350.
5. Disclaimer
Caldera International, Inc. is not responsible for the misuse
of any of the information we provide on our website and/or
through our security advisories. Our advisories are a service
to our customers intended to promote secure installation and
use of Caldera International products.
6. Acknowledgements
Caldera wishes to thank the efforts of Derryle Gogel
<gogeld@citifinancial.com>, who gave us the impetus to
investigate this issue more thoroughly.
=20
___________________________________________________________________________
--Qxx1br4bt0+wmkIi
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org
iEYEARECAAYFAjxxPpwACgkQaqoBO7ipriF/iACeOFgBq24Dtwko42jQcxHtqAZn
j3YAn1jMOMUYXi/RKbsbICtXFnErv+fE
=jWLb
-----END PGP SIGNATURE-----
--Qxx1br4bt0+wmkIi--
