TUCoPS :: SCO :: sco5130.htm

webtop bad suid gives local root
25th Feb 2002 [SBWID-5130]
COMMAND

	webtop bad suid gives local root

SYSTEMS AFFECTED

	UnixWare 7, Open UNIX 8

PROBLEM

	\'jggm\' [JeGalGhongMyeung] found :
	

	The setuid scripts in the webtop  product  may  be  used  to  gain  root
	privileges.
	

	

SOLUTION

	 Patch :

	 =====

	

	ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.6/

	

	 Workaround :

	 ==========

	

	If  the  webtop  functionality  is  not  needed,   remove   the   setuid
	permissions from the scripts:
	

	# chmod -s /opt/webtop/bin/i3un0212/cgi-bin/admin/scoadminreg.cgi

	# chmod -s /opt/webtop/bin/i3un0212/cgi-bin/admin/service_action.cgi

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH