[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Fwd: [cobalt-security] Bug-Travel
- Subject: Re: [cobalt-users] Fwd: [cobalt-security] Bug-Travel
- From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
- Date: Tue Jan 21 02:12:03 2003
- Organization: nobaloney.net
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
Bruce Timberlake wrote:
> > # Effects: <= apache-1.3.20-RaQ4_1C3 (AFAIK all Cobalt Linux
> > Apache ;) # Quick Fix: su - root -c "chmod 755
> > /usr/lib/authenticate"
> >
> > Is that something to do?
>
> Yeah, but when I checked mine, it was already at those permissions...
Mine was -rwsrwxr-x; 755 changes it to -rwxr-xr-x.
I did it... let's see if anything breaks.
I've been working on three systems which had this hack; it's kept me up
since Friday. I strongly suggest you fix your box if it's vulnerable.
Thank you Greg, who not only posted the issue, but who did a lot of work
to figure it out, and who was nice enough to call me to let me know
about it.
Jeff
--
Jeff Lasman, nobaloney.net, P. O. Box 52672, Riverside, CA 92517 US
Internet & Unix/Linux/Sun/Cobalt Consulting +1 909 778-9980
Our jblists address used on lists is for list email only
To contact us offlist: "http://www.nobaloney.net/contactus.html";