you told us about the workaround, but I couldnt find any such security advisory or
problem on logwatch's website or other security websites.
Could you please wrap it up in some form of an advisory with technical details and let
the world know.
=)
Thank You
-
Muhammad Faisal Rauf Danka
Here's the link my good man
http://www.securiteam.com/exploits/5OP0S2A6KI.html
Can we have some linkage? I didn't find any information about it on
logwatch.org or linuxsecurity.com.
Cheers,
Ash
Bailey Kong wrote:
if you haven't heard yet, root account can be compromised by a local
if you haven't heard yet, root account can be compromised by a local account
using logwatch.
the current work around i got was to chattr +i /etc/passwd
that makes it so /etc/passwd can't be modified, if and when you need to add
a user you can simply do chattr -i /etc/passwd
i hope no one has
Can we have some linkage? I didn't find any information about it on
logwatch.org or linuxsecurity.com.
Cheers,
Ash
Bailey Kong wrote:
if you haven't heard yet, root account can be compromised by a local account
using logwatch.
the current work around i got was to chattr +i /etc/passwd
that
On Thu, 2002-03-28 at 22:14, Bailey Kong wrote:
the current work around i got was to chattr +i /etc/passwd
that makes it so /etc/passwd can't be modified, if and when you need to add
a user you can simply do chattr -i /etc/passwd
that's absolutely pointless under linux. the exploit allows