SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (UNIX)  >   ifile (UnixWare) Vendors:   Caldera/SCO
Caldera UnixWare 'ifile' Default Permissions Disclose Hashed Root Password to Local Users
SecurityTracker Alert ID:  1003533
SecurityTracker URL:  http://securitytracker.com/id/1003533
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Feb 13 2002
Impact:   Disclosure of system information
Exploit Included:  Yes  

Description:   An information disclosure vulnerability was reported in Caldera's UnixWare operating system (aka SCO). A local user can obtain an encrypted copy of the root password.

It is reported that the default installation of Caldera/SCO UnixWare sets insecure permissions on the isl/ifile. The file is set to be world-readable. The file reportedly contains an encrypted (securely hashed) copy of the root password. A local user could access the password and attempt a brute-force password guessing attack.

Some of the file contents are shown:

OWNER_NAME="Derryle Gogel"
USERNAME="Derryle Gogel"
OWNER_UID="101"
USERNUM="101"
OWNER_PW_ENCRYPTED="MM6GHkuVL0Pb6"
owner_pw_len="8"
ROOT_PW_ENCRYPTED="0N9VekO0riY8w"
password_len="6"
accept_pla="true"
PKGINSTALL="NEWINSTALL"
ROOTFS="vxfs"

Impact:   A local user can obtain an encrypted copy of the root password and attempt a brute force password guessing attack.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.caldera.com/ (Links to External Site)
Cause:   Access control error
Underlying OS:  UNIX (Open UNIX-SCO)
Underlying OS Comments:  UnixWare 7.1.X

Message History:   This archive entry has one or more follow-up message(s) listed below.
(Caldera Issues Fix Recommendation) Re: Caldera UnixWare 'ifile' Default Permissions Disclose Hashed Root Password to Local Users
The vendor has issued a fix recommendation.



 Source Message Contents

Subject:  SCO UnixWare 7.1.X


Well.. Looks like a insecure file vuln exsists within the system created
file when you do the initial install of SCO.


Lets take a look here at /var/adm/isl/ifile 
root@cccy.br03D124# ls -l /var/adm/isl/ifile
-rw-r--r--    1 root     root           4691 Sep 24  1999 /var/adm/isl/ifile
And we all know the shadow file is read-only by root

Let me know what ya think!

OWNER_NAME="Derryle Gogel"
USERNAME="Derryle Gogel"
OWNER_UID="101"
USERNUM="101"
OWNER_PW_ENCRYPTED="MM6GHkuVL0Pb6"
owner_pw_len="8"
ROOT_PW_ENCRYPTED="0N9VekO0riY8w"
password_len="6"
accept_pla="true"
PKGINSTALL="NEWINSTALL"
ROOTFS="vxfs"



 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC