Bugtraq mailing list archives

[8lgm]-Advisory-7.UNIX.passwd.11-May-1994.NEWFIX

From: 8lgm () bagpuss demon co uk ([8LGM] Security Team)
Date: Sat, 14 May 1994 04:16:03 +0100


This advisory update has been sent to:

        comp.security.unix

        BUGTRAQ                 <bugtraq () crimelab com>
        CERT/CC                 <cert () cert org>
        Sun Microsystems        <security-alert () sun com>

===========================================================================
             [8lgm]-Advisory-7.UNIX.passwd.11-May-1994.NEWFIX


With reference to [8lgm]-Advisory-7.UNIX.passwd.11-May-1994 released
yesterday, a few people have pointed out that the fix given is not
enough in all situations.

The problem is that passwd(1) is linked to chfn(1) and friends, and
yppasswd(1) is a copy of passwd(1).  Therefore, yppasswd(1) also needs
to be patched.  The following is now the recommended way to fix the
problem.


WORKAROUND & FIX:

        1. Contact your vendor for a patch.

        2. Patch the passwd binary to remove the '-F' option.

      # cd /bin
      # cp passwd passwd.old; chmod 700 passwd.old
      # adb -w - passwd

        not core file = passwd

      /l 'F:'

        0x68de

The above address is required in the following step:

      0x68de/w 0

        0x68de:         0x463a  =       0x0
        <CTRL-D>

      # chmod 4711 /bin/passwd
      # /bin/passwd -F /tmp/WinnersBlues

        passwd: illegal option -- F
        Usage: passwd [-l|-y] [-F file] [-afs] [-d user] [-e user]
                [-n numdays user] [-x numdays user] [user]
        # 

        Repeat the adb stage, and patch yppasswd in the same way.
        (replace 'passwd' by  'yppasswd')

        Thanks to all those who pointed that out, we apologise for
        the error!


FEEDBACK  & CONTACT INFORMATION:

        8lgm-bugs () bagpuss demon co uk           (To report security flaws)

        8lgm-request () bagpuss demon co uk        (Request for [8lgm] Advisories)

        8lgm () bagpuss demon co uk                (General enquiries)

        System Administrators are encouraged to contact us for any
        other information they may require about the problems described
        in this advisory.

        We welcome reports about which platforms this flaw does or does
        not exist on.


        NB: 8lgm-bugs () bagpuss demon co uk is intended to be used by
        people wishing to report which platforms/OS's the bugs in our
        advisories are present on.  Please do *not* send information on
        other bugs to this address - report them to your vendor and/or
        comp.security.unix instead.
===========================================================================

Current thread:

wolves and sheep on the inet, (continued)
- - - wolves and sheep on the inet Timothy Newsham (May 11)
    - Re: wolves and sheep on the inet Gene Spafford (May 13)
    - Re: wolves and sheep on the inet Steve Simmons (May 13)
    - permissions Perry E. Metzger (May 16)
    - Re: permissions Pat Myrto (May 16)
    - Re: permissions Evil Pete (May 17)
    - Re: permissions Pat Myrto (May 17)
    - Re: permissions Gene Spafford (May 17)
    - Re: permissions Evil Pete (May 18)
    - Re: permissions Evil Pete (May 18)
    - [8lgm]-Advisory-7.UNIX.passwd.11-May-1994.NEWFIX [8LGM] Security Team (May 13)
    - iss equivalents *Hobbit* (May 11)
    - Source vs. binary for tools Jeremy Epstein -C2 PROJECT (May 12)
    - runaway lockd problems (SunOS 4.1.3) Pat Myrto (May 12)
    - [8lgm]-Advisory-7.UNIX.passwd.11-May-1994 [8LGM] Security Team (May 12)
    - Re: [8lgm]-Advisory-7.UNIX.passwd.11-May-1994 Pat Myrto (May 13)
    - Re: [8lgm]-Advisory-7.UNIX.passwd.11-May-1994 Gene Spafford (May 13)
    - Re: Time For New Security Package? (was Re: new iss stuff) Mark (May 10)
  - Selling binaries Karyn Pichnarczyk (May 10)
- Re: new iss stuff Everett F Batey WA6CRE (May 10)
- Re: new iss stuff root () maths su oz au (May 10)

(Thread continues...)