To: bugtraq@securityfocus.com announce@lists.caldera.com scoannmod@xenitec.on.ca
___________________________________________________________________________
Caldera International, Inc. Security Advisory
Subject: Open UNIX, UnixWare 7: encrypted password disclosure
Advisory number: CSSA-2002-SCO.5
Issue date: 2002 February 14
Cross reference:
___________________________________________________________________________
1. Problem Description
After installation of the product, the file /var/adm/isl/ifile
is left readable by all users. This file contains, among other
things, the encrypted root password, and the encrypted owner
password.
2. Vulnerable Supported Versions
Operating System Version Affected Files
------------------------------------------------------------------
UnixWare 7 All /var/adm/isl/ifile
Open UNIX 8.0.0 /var/adm/isl/ifile
3. Solution
Caldera recommends that all affected systems change the file
modes of /var/adm/isl/ifile to be readable only by root:
# chmod 400 /var/adm/isl/ifile
In addition, Caldera also recommends that you change the root
and owner passwords.
4. References
ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.5/
This and other advisories are located at
http://stage.caldera.com/support/security
This advisory addresses Caldera Security internal incidents
sr860350, fz520151.
5. Disclaimer
Caldera International, Inc. is not responsible for the misuse
of any of the information we provide on our website and/or
through our security advisories. Our advisories are a service
to our customers intended to promote secure installation and
use of Caldera International products.
6. Acknowledgements
Caldera wishes to thank Derryle Gogel <gogeld@citifinancial.com>,
who discovered and researched this vulnerability.
TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH
