[8lgm]-Advisory-7.UNIX.passwd.11-May-1994.NEWFIX

[8LGM] Security Team (8lgm@bagpuss.demon.co.uk)
Sat, 14 May 1994 04:16:03 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Daniel Azuelos: "Re: ruserok() & /etc/hosts.equiv"
Previous message: Steve Simmons: "Re: wolves and sheep on the inet"

This advisory update has been sent to:

        comp.security.unix

        BUGTRAQ                 <bugtraq@crimelab.com>
        CERT/CC                 <cert@cert.org>
        Sun Microsystems        <security-alert@sun.com>

===========================================================================
             [8lgm]-Advisory-7.UNIX.passwd.11-May-1994.NEWFIX


With reference to [8lgm]-Advisory-7.UNIX.passwd.11-May-1994 released
yesterday, a few people have pointed out that the fix given is not
enough in all situations.

The problem is that passwd(1) is linked to chfn(1) and friends, and
yppasswd(1) is a copy of passwd(1).  Therefore, yppasswd(1) also needs
to be patched.  The following is now the recommended way to fix the
problem.


WORKAROUND & FIX:

        1. Contact your vendor for a patch.

	2. Patch the passwd binary to remove the '-F' option.

>	# cd /bin
>	# cp passwd passwd.old; chmod 700 passwd.old
>	# adb -w - passwd
	not core file = passwd
>	/l 'F:'
	0x68de

The above address is required in the following step:

>	0x68de/w 0
	0x68de:         0x463a  =       0x0
	<CTRL-D>
>	# chmod 4711 /bin/passwd
>	# /bin/passwd -F /tmp/WinnersBlues
	passwd: illegal option -- F
	Usage: passwd [-l|-y] [-F file] [-afs] [-d user] [-e user]
	        [-n numdays user] [-x numdays user] [user]
	# 

	Repeat the adb stage, and patch yppasswd in the same way.
	(replace 'passwd' by  'yppasswd')

	Thanks to all those who pointed that out, we apologise for
	the error!


FEEDBACK  & CONTACT INFORMATION:

        8lgm-bugs@bagpuss.demon.co.uk           (To report security flaws)

        8lgm-request@bagpuss.demon.co.uk        (Request for [8lgm] Advisories)

        8lgm@bagpuss.demon.co.uk                (General enquiries)

        System Administrators are encouraged to contact us for any
        other information they may require about the problems described
        in this advisory.

        We welcome reports about which platforms this flaw does or does
        not exist on.


        NB: 8lgm-bugs@bagpuss.demon.co.uk is intended to be used by
        people wishing to report which platforms/OS's the bugs in our
        advisories are present on.  Please do *not* send information on
        other bugs to this address - report them to your vendor and/or
        comp.security.unix instead.
===========================================================================

Next message: Daniel Azuelos: "Re: ruserok() & /etc/hosts.equiv"
Previous message: Steve Simmons: "Re: wolves and sheep on the inet"