|
To: bugtraq@securityfocus.com announce@lists.caldera.com scoannmod@xenitec.on.ca ___________________________________________________________________________ Caldera International, Inc. Security Advisory Subject: REVISION: Open UNIX, UnixWare 7, OpenServer: encrypted password disclosure Advisory number: CSSA-2002-SCO.5.1 Issue date: 2002 February 16 Cross reference: CSSA-2001-SCO.5 ___________________________________________________________________________ 1. Problem Description The first version of this advisory specifically mentioned a file that was, indeed, readable by others and contained the encrypted root password, but the directories leading up to it were not searchable. Therefore, it was not a true vulnerability. After some research, Caldera has discovered files that are accessible to others that do contain information that might be used to compromise the system's security. After installation of the product, several files are left readable by all users. These files contain, among other things, encrypted passwords. 2. Vulnerable Supported Versions Operating System Version Affected Files ------------------------------------------------------------------ UnixWare 7 All /usr/ns-home/admserv/admpw /usr/internet/httpd/admserv/admpw Open UNIX 8.0.0 /usr/ns-home/admserv/admpw /usr/internet/httpd/admserv/admpw /var/sadm/pkg/update800/install/morepkgs/scripts/debug.out OpenServer All /var/opt/K/SCO/link/*/.softmgmt/ccsPersistent/cqs.save.file /var/opt/K/SCO/Vidconf/*/.softmgmt/ccsPersistent/iqm_file 3. Solution 3.1 UnixWare 7 Caldera recommends that all affected systems change the file modes of the following files to be readable only by root: # chmod 400 /usr/ns-home/admserv/admpw # chmod 400 /usr/internet/httpd/admserv/admpw In addition, Caldera also recommends that you change the root and owner passwords. 3.2 Open UNIX Caldera recommends that all affected systems change the file modes of the following files to be readable only by root: # chmod 400 /usr/ns-home/admserv/admpw # chmod 400 /usr/internet/httpd/admserv/admpw # chmod 400 /var/sadm/pkg/update800/install/morepkgs/scripts/debug.out In addition, Caldera also recommends that you change the root and owner passwords. 3.3 OpenServer Caldera recommends that all affected systems change the file modes of the following files to be readable only by root: # chmod 400 /var/opt/K/SCO/link/*/.softmgmt/ccsPersistent/cqs.save.file # chmod 400 /var/opt/K/SCO/Vidconf/*/.softmgmt/ccsPersistent/iqm_file In addition, Caldera also recommends that you change the root password. 4. References ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.5.1/ This and other advisories are located at http://stage.caldera.com/support/security This advisory addresses Caldera Security internal incident sr860350. 5. Disclaimer Caldera International, Inc. is not responsible for the misuse of any of the information we provide on our website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of Caldera International products. 6. Acknowledgements Caldera wishes to thank the efforts of Derryle Gogel <gogeld@citifinancial.com>, who gave us the impetus to investigate this issue more thoroughly.