On Fri, Jan 21, 2000 at 07:15:20PM -0600, harikiri wrote: > w00w00 Security Advisory - http://www.w00w00.org > > Title: S/Key & OPIE Database Vulnerability > Platforms: BSD/OS 4.0.1 (SKEY). > FreeBSD 3.4-RELEASE (OPIE). > Linux Distributions (with skey-2.2-1 RPM). > Any Unix running skey-2.2. (possibly earlier versions too) > Discovered: 14th January, 2000 NetBSD began installing a mode 600 /etc/skeykeys file as of Jan 6, 1999. This issue would not affect the two most recent formal releases, 1.4, and 1.4.1 - as they include the more secure default. Users of skey on earlier installs should evaluate appropriate permissions for their /etc/skeykeys file based on local requirements (e.g. non-setuid programs performing authentication) - as indicated in the w00w00 advisory. I'm not a member of the NetBSD security team, I'm just speaking as a user... -- David Maxwell, davidat_private|davidat_private --> Any sufficiently advanced Common Sense will seem like magic... - me
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:30:52 PDT