SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Pkginfo (UnixWare packaging tools) Vendors:   Caldera/SCO
SCO UnixWare Packaging Tools Let Local Users Display /etc/shadow Password File Contents
SecurityTracker Alert ID:  1001890
SecurityTracker URL:  http://securitytracker.com/id/1001890
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jul 2 2001
Impact:   Disclosure of authentication information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): UnixWare 7
Description:   SCO reported that their packaging tools contain a vulnerability that allows local users to display the contents of the shadow password file.

The packaging tools can be used by local users to display the contents of /etc/shadow. The method for triggering the vulnerability was not disclosed.

Affected programs include:

/usr/bin/pkginfo
/usr/bin/pkgparam
/usr/bin/pkgtrans
/usr/sbin/pkgadd
/usr/sbin/pkgcat
/usr/sbin/pkginstall
/usr/sbin/pkgrm

A similar vulnerability was reported in December 1999 and apparently patched soon after.

Impact:   A local user can display the contents of the /etc/shadow password file.
Solution:   Fixed binaries are available at: ftp://ftp.sco.com/pub/security/unixware/sr847997/
Vendor URL:  www.sco.com/ (Links to External Site)
Cause:   Access control error
Underlying OS:  UNIX (Open UNIX-SCO)

Message History:   None.


 Source Message Contents

Subject:  Security Update: [CSSA-2001-SCO.5] UnixWare: packaging tool exploits


--ZGiS0Q5IWpPtfppv
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: 8bit            

To: bugtraq@securityfocus.com security-announce@lists.securityportal.com announce@lists.caldera.com

___________________________________________________________________________

	    Caldera International, Inc. Security Advisory

Subject:		UnixWare: packaging tool exploits
Advisory number: 	CSSA-2001-SCO.5
Issue date: 		2001 June 29
Cross reference:
___________________________________________________________________________



1. Problem Description

	The packaging tools can be exploited to print /etc/shadow,
	leading to a probable root compromise.


2. Vulnerable Versions

	Operating System	Version		Affected Files
	------------------------------------------------------------------
	UnixWare 7		All		/usr/bin/pkginfo
						/usr/bin/pkgparam
						/usr/bin/pkgtrans
						/usr/sbin/pkgadd
						/usr/sbin/pkgcat
						/usr/sbin/pkginstall
						/usr/sbin/pkgrm
							

3. Workaround

	None.


4. UnixWare 7

  4.1 Location of Fixed Binaries

	ftp://ftp.sco.com/pub/security/unixware/sr847997/


  4.2 Verification

	md5 checksums:
	
	5d75084d724882c4baad12a255c00776	erg711743.Z


	md5 is available for download from

		ftp://ftp.sco.com/pub/security/tools/


  4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following commands:

	# uncompress /tmp/erg711713a.Z
	# pkgadd -d /tmp/erg711713a


5. References

	http://www.technotronic.com/xnec/
	http://www.calderasystems.com/support/security/index.html

6. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on our website and/or
	through our security advisories. Our advisories are a service
	to our customers intended to promote secure installation and
	use of Caldera International, Inc. products.


7.Acknowledgements

	Caldera International wishes to thank Brock Tellier
	(btellier@usa.net) for his analysis and help concerning this
	issue.

	In addition, an acknowledgement to Mr. Tellier was
	inadvertently omitted from advisory [CSSA-2001-SCO.1].
	 
___________________________________________________________________________

--ZGiS0Q5IWpPtfppv
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SCO_SV)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAjs8+VMACgkQaqoBO7ipriFDhACfciJYFy0iHrWMrqiVbSZLlO2Y
bhsAn3ZT97+2t3JqNszwAtxUJRtbWLON
=YcoZ
-----END PGP SIGNATURE-----

--ZGiS0Q5IWpPtfppv--

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC