Just been doing some checking, and it seems this 'quick fix' whilst it indeed does fix, also means that some forms of .htaccess don't work, client informed me that webalizer stats access was now nolonger accepting groups as valid users.
Chmod 4775 worked to restore access, but then allows exploit again.. So, those of you with live boxes and clients, beware. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jamie - i-Dot Sent: 10 September 2002 00:43 To: [EMAIL PROTECTED] Subject: RE: [cobalt-security] Local Root exploit # Quick Fix: su - root -c "chmod 755 /usr/lib/authenticate" Simple fix for those who missed it in the script itself. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Thomas Mertz Sent: 09 September 2002 23:56 To: [EMAIL PROTECTED] Subject: Re: [cobalt-security] Local Root exploit This vulnerability was posted to the list a couple or more weeks ago (although from a different source). So far no response from Sun. Tom ----- Original Message ----- From: "Brett Wright" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, September 09, 2002 6:46 PM Subject: [cobalt-security] Local Root exploit > Hey > > Not sure if this has been posted here yet, but i tried it on a raq4 > and it worked. > > http://www.securiteam.com/exploits/5MP0R0A80K.html > > Regards > Brett > > _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
