SecurityTracker Archives
Category:   Application (Generic)  >   Volution
Vendors:   Caldera/SCO
Caldera Volution Manager Discloses LDAP Directory Administrator's Password to Local Users
SecurityTracker Alert ID:  1004448
SecurityTracker URL:  http://securitytracker.com/id/1004448
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jun 4 2002
Impact:   Disclosure of authentication information
Vendor Confirmed:  Yes
Exploit Included:  Yes
Version(s): 1.1
Description:   Caldera reported that the Caldera Volution Manager application stores the Directory Administrator's password in unencrypted form. A local user can view the password.

According to the report, Volution Manager stores the Directory Administrator's password unencrypted in the /etc/ldap/slapd.conf configuration file.

The password line is formatted as follows:

rootpw <clear_text_password>

A local user can read the configuration file to view the password.

Impact:   A local user can view the Directory Administrator's password.
Solution:   No solution was available at the time of this entry. Caldera plans to correct this in the next version. For now, Caldera strongly recommends that you encrypt this password, using the following steps:

As the root user, run slappasswd, entering your desired password at the prompts (the example uses newpasswd as the new password; the password will not be seen as you type it).

# slappasswd
New password: newpasswd
Re-enter new password: newpasswd
{SSHA}AvcGnFPjUCqbIs/Ki8XfiOYJwttfwnRz
#

The output is the new, encrypted password. In the file /etc/ldap/slapd.conf, replace the previous rootpw line with a line containing the new, encrypted password so that the line looks similar to this:

rootpw {SSHA}AvcGnFPjUCqbIs/Ki8XfiOYJwttfwnRz
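The following Python script is an added example, not code from the SecurityTracker entry or from Caldera's advisory (which restates the same steps in its section 3). It audits a slapd.conf for the condition described above, a rootpw directive whose value carries no {SCHEME} prefix, and for a file mode that lets other local users read the file; it then performs the repair the vendor recommends by producing an OpenLDAP {SSHA} value of the same form slappasswd prints (base64 of SHA-1(password || salt) followed by the salt) and substituting it for the cleartext line. The sample configurations, the cleartext password, the fixed salt and the function names are constructed for the example; the {SSHA} value in the fixed sample is the one shown in the advisory.

```python
import base64
import hashlib
import hmac
import os
import re
import stat

# Constructed sample of the vulnerable layout described in the advisory:
# the rootpw directive carries the Directory Administrator's password in the clear.
VULNERABLE_CONF = """\
include /etc/ldap/schema/core.schema
database ldbm
suffix "o=example"
rootdn "cn=Directory Manager,o=example"
rootpw s3cret-in-the-clear
"""

# Constructed sample after the vendor's fix; the {SSHA} value is the one the advisory prints.
FIXED_CONF = """\
include /etc/ldap/schema/core.schema
database ldbm
suffix "o=example"
rootdn "cn=Directory Manager,o=example"
rootpw {SSHA}AvcGnFPjUCqbIs/Ki8XfiOYJwttfwnRz
"""

# slapd.conf directives are case-insensitive; the value may be bare or double-quoted.
ROOTPW_RE = re.compile(r"^\s*rootpw\s+(\S+)", re.IGNORECASE)
# A hashed value starts with a scheme tag such as {SSHA}, {SHA} or {CRYPT}.
SCHEME_RE = re.compile(r"^\{[A-Za-z0-9-]+\}")


def find_cleartext_rootpw(conf_text):
    """Return (line_number, value) for every rootpw directive with no {SCHEME} prefix."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = ROOTPW_RE.match(line)
        if m:
            value = m.group(1).strip('"')
            if not SCHEME_RE.match(value):
                findings.append((lineno, value))
    return findings


def world_readable(mode):
    """True when the file mode grants read access to 'other' (e.g. 0o644)."""
    return bool(mode & stat.S_IROTH)


def audit_file(path):
    """Audit a slapd.conf on disk: cleartext rootpw lines plus the file's exposure."""
    with open(path) as fh:
        text = fh.read()
    return {
        "cleartext_rootpw": find_cleartext_rootpw(text),
        "world_readable": world_readable(os.stat(path).st_mode),
    }


def make_ssha(password, salt=None):
    """Build an OpenLDAP {SSHA} value: base64(SHA1(password || salt) || salt)."""
    if salt is None:
        salt = os.urandom(4)  # slappasswd likewise uses a short random salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def verify_ssha(password, stored):
    """Check a candidate password against a stored {SSHA} value (constant-time compare)."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digest is 20 bytes; the rest is the salt
    return hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)


def rewrite_rootpw(conf_text, hashed):
    """Replace every rootpw directive with the hashed value, leaving other lines untouched."""
    out = []
    for line in conf_text.splitlines():
        out.append("rootpw " + hashed if ROOTPW_RE.match(line) else line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print("before:", find_cleartext_rootpw(VULNERABLE_CONF))
    fixed = rewrite_rootpw(VULNERABLE_CONF, make_ssha("newpasswd"))
    print("after: ", find_cleartext_rootpw(fixed))
```

On a live system, audit_file("/etc/ldap/slapd.conf") reports both problems at once. Hashing the rootpw value is what the vendor asks for, but note that a world-readable slapd.conf still exposes the hash to offline guessing, so the file mode check matters as much as the directive itself.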

Vendor URL:  stage.caldera.com/support/security/
Cause:   Access control error

Message History:   None.


Source Message Contents

Subject:  Security Update: [CSSA-2002-024.0] Volution Manager: Directory Administrator password in cleartext


To: bugtraq@securityfocus.com announce@lists.caldera.com security-alerts@linuxsecurity.com


______________________________________________________________________________

		Caldera International, Inc.  Security Advisory

Subject:		Volution Manager: Directory Administrator password in cleartext
Advisory number: 	CSSA-2002-024.0
Issue date: 		2002 June 3
Cross reference:
______________________________________________________________________________


1. Problem Description

	Volution Manager stores the unencrypted Directory
	Administrator's password in the /etc/ldap/slapd.conf file.

	This vulnerability will be corrected in the next release of
	Volution Manager.


2. Vulnerable Supported Versions


	System				Package
	----------------------------------------------------------------------
	Volution Manager 1.1		Standard


3. Solution

	Volution Manager stores the un-encrypted Directory
	Administrator's password in the /etc/ldap/slapd.conf file.
	The password line looks similar to this:

		rootpw		<clear_text_password>

	Caldera strongly recommends that you encrypt this password,
	using the following steps:

	As the root user, run slappasswd, entering your desired
	password at the prompts (the example uses newpasswd as the new
	password; the password will not be seen as you type it).

	# slappasswd
	New password: newpasswd
	Re-enter new password: newpasswd
	{SSHA}AvcGnFPjUCqbIs/Ki8XfiOYJwttfwnRz
	#

	The output is the new, encrypted password. In the file
	/etc/ldap/slapd.conf, replace the previous rootpw line with a
	line containing the new, encrypted password so that the line
	looks similar to this:

		rootpw		{SSHA}AvcGnFPjUCqbIs/Ki8XfiOYJwttfwnRz


4. References

	Specific references for this advisory:
		none

	Caldera OpenLinux security resources:
		http://www.caldera.com/support/security/index.html

	Caldera UNIX security resources:
		http://stage.caldera.com/support/security/

	This security advisory closes Caldera incidents sr864231,
	erg501574.



5. Disclaimer

	Caldera International, Inc. is not responsible for the misuse
	of any of the information we provide on this website and/or
	through our security advisories. Our advisories are a service
	to our customers intended to promote secure installation and
	use of Caldera products.

______________________________________________________________________________



Copyright 2020, SecurityGlobal.net LLC