SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (UNIX)  >   ifile (UnixWare) Vendors:   Caldera/SCO
(Caldera Issues Fix Recommendation) Re: Caldera UnixWare 'ifile' Default Permissions Disclose Hashed Root Password to Local Users
SecurityTracker Alert ID:  1003558
SecurityTracker URL:  http://securitytracker.com/id/1003558
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Feb 14 2002
Impact:   Disclosure of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   An information disclosure vulnerability was reported in Caldera's UnixWare operating system (aka SCO). A local user can obtain an encrypted copy of the root password.

It is reported that the default installation of Caldera/SCO UnixWare sets insecure permissions on the isl/ifile. The file is set to be world-readable. The file reportedly contains an encrypted (securely hashed) copy of the root password. A local user could access the password and attempt a brute-force password guessing attack.

Some of the file contents are shown:

OWNER_NAME="Derryle Gogel"
USERNAME="Derryle Gogel"
OWNER_UID="101"
USERNUM="101"
OWNER_PW_ENCRYPTED="MM6GHkuVL0Pb6"
owner_pw_len="8"
ROOT_PW_ENCRYPTED="0N9VekO0riY8w"
password_len="6"
accept_pla="true"
PKGINSTALL="NEWINSTALL"
ROOTFS="vxfs"

Impact:   A local user can obtain an encrypted copy of the root password and attempt a brute force password guessing attack.
Solution:   Caldera recommends that all affected systems change the file modes of /var/adm/isl/ifile to be readable only by root:

# chmod 400 /var/adm/isl/ifile

In addition, Caldera also recommends that you change the root and owner passwords.

Vendor URL:  www.caldera.com/ (Links to External Site)
Cause:   Access control error
Underlying OS:  UNIX (Open UNIX-SCO)
Underlying OS Comments:  UnixWare 7, Open UNIX 8

Message History:   This archive entry is a follow-up to the message listed below.
Feb 13 2002 Caldera UnixWare 'ifile' Default Permissions Disclose Hashed Root Password to Local Users



 Source Message Contents

Subject:  Open UNIX, UnixWare 7: encrypted password disclosure


This is a multi-part message in MIME format.
--------------EBB1999891E0D5FF90012A67
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.5/CSSA-2002-SCO.5.txt
--------------EBB1999891E0D5FF90012A67
Content-Type: text/plain; charset=us-ascii;
 name="CSSA-2002-SCO.5.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="CSSA-2002-SCO.5.txt"

___________________________________________________________________________

	    Caldera International, Inc. Security Advisory

Subject:		Open UNIX, UnixWare 7: encrypted password disclosure
Advisory number: 	CSSA-2002-SCO.5
Issue date: 		2002 February 14
Cross reference:
___________________________________________________________________________


1. Problem Description
	
	After installation of the product, the file /var/adm/isl/ifile
	is left readable by all users. This file contains, among other
	things, the encrypted root password, and the encrypted owner
	password.


2. Vulnerable Supported Versions

	Operating System	Version		Affected Files
	------------------------------------------------------------------
	UnixWare 7		All		/var/adm/isl/ifile
	Open UNIX		8.0.0		/var/adm/isl/ifile


3. Solution

	Caldera recommends that all affected systems change the file
	modes of /var/adm/isl/ifile to be readable only by root:

	# chmod 400 /var/adm/isl/ifile

	In addition, Caldera also recommends that you change the root
	and owner passwords.

	
4. References

	ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.5/

	This and other advisories are located at
		http://stage.caldera.com/support/security

	This advisory addresses Caldera Security internal incidents
	sr860350, fz520151.

5. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on our website and/or
	through our security advisories. Our advisories are a service
	to our customers intended to promote secure installation and
	use of Caldera International products.


6. Acknowledgements

	Caldera wishes to thank Derryle Gogel <gogeld@citifinancial.com>,
	who discovered and researched this vulnerability.

	 
___________________________________________________________________________

--------------EBB1999891E0D5FF90012A67--



 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC