userOsa can overwrite passwd and shadow

What is this stuff?

If this isn't exactly what you wanted, please try our Search (there's a LOT of techy and non-techy stuff here about Linux, Unix, Mac OS X and just computers in general!):



From - Wed Oct 13 06:36:13 1999
Xref: world comp.unix.sco.misc:107295
Path: world!newsfeed.mathworks.com!cam-news-hub1.bbnplanet.com!washdc3-snh1.gtei.net!news.gtei.net!dfiatx1-snr1.gtei.net.POSTED!not-for-mail
Newsgroups: comp.unix.sco.misc
Subject: Re: BUGTRAQ report References: <7tvq0m$gu1$1@hendrix.postino.com>
Organization: Gulfnet Kuwait
X-Newsreader: trn 4.0-test67 (15 July 1998)
From: john@kuwait.net (John Temples)
Lines: 9 Message-ID: <zOLM3.401$uI3.20885@dfiatx1-snr1.gtei.net>
X-Trace: 9+o0fRhXNTQnkWPEO4/lblJGOWteJr19Q1cQgZlSFRXO9V0VNM/5oBv8d3FIUbv1hYSvoT77irh7!J1SFY8+LSU6+rWg/CvLlGpe1xD+YP5sQOGTmGtFK2QxZ/1Dk5PG9IG82MBu2sWne0j2Me9Q=
X-Complaints-To: abuse@gte.net
X-Abuse-Info: Please be sure to forward a copy of ALL headers
X-Abuse-Info: Otherwise we will be unable to process your complaint properly
NNTP-Posting-Date: Tue, 12 Oct 1999 19:16:47 GMT
Distribution: world
Date: Tue, 12 Oct 1999 19:16:47 GMT
X-Mozilla-Status: 8010


Hate these ads?



In article <7tvq0m$gu1$1@hendrix.postino.com>,
Danny Aldham <danny@hendrix.postino.com> wrote:
>Any user may overwrite any file with group auth (i.e. /etc/shadow,
>/etc/passwd) using /etc/sysadm.d/bin/userOsa.



My quick fix for this is to edit userOsa and replace the string
"debug.log" with "/dev/null".
-- 
John W. Temples, III


















Comments


Add your comments

Enter your email address for automatic notification of new posts here
(be sure to whitelist 'feedburner.com' if you use spam filtering)

Or use any RSS reader

Delivered by FeedBurner


ad
Views for this page
Today This Week This Month This Year  Overall
1124472 1,724

/Bofcusm/118.html copyright 1997-2004 (various authors) All Rights Reserved

Have you tried Searching this site?

Unix/Linux/Mac OS X support by phone, email or on-site: Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more. We appreciate comments and article submissions.

Publishing your articles here

More:
       - Security




Unix/Linux Consultants


http://www.vss3.com SCO/Caldera OpenServer, Unixware & Linux. Tarantella & Non-stop Clustering


http://www.cleverminds.net Need expert advice? Want a second opinion? CleverMinds is a one-stop-shop for a wide range of technology solutions. We support Unix, Linux, SCO as well as CMS, ecom, blogs, podcasts, search engines consulting and more. Contact us at web2.0@cleverminds.net 0r (617) 894-1282


http://echo3.net/ Unix/Linux Custom Applications, Web Hosting, C/C++ Programming Courses


Twitter
  • Nov 23 08:34
    So many sites tell me what I MUST do: focus on a niche, have an elevator pitch, all that.. naaaw - I LIKE being scatter brained.
  • Nov 23 07:35
    Bailing out GM et al. is like bailing out SCO. It makes me angry that they even TALK about it.








Change Congress

Related Posts